Some State databases containing personal information may be less well-protected than commercial outlets such as the hacked Ashley Madison adultery site, a privacy rights group has warned. The names of business people, a politician, civil servants and academics were among the thousands of Irish people who had details of their alleged accounts exposed after the Ashley Madison website was hacked and details published online.
Internationally, the names of 37 million alleged users of the site - which promotes itself with the phrase “life is short, have an affair” - were published and about 115,000 are reported to be Irish.
Nothing illegal
Chairman of Digital Rights Ireland and UCD law lecturer TJ McIntyre said those who had registered on the site had done nothing illegal.
“They did nothing illegal and frankly it’s none of our business. I think it’s wrong that we should be trolling the leak trying to out and embarrass public figures,” he said.
Asked whether there was any such thing as a safe website, he said: “I think that’s a very good question and I think it’s especially important when you think about the number of databases the Irish Government has been trying to roll out recently. We go from Irish Water to the Primary Online Database, which tries to create a database of all school-age children,” he pointed out.
Sensitive information
Such databases contained many things, “including much more sensitive information” than the information exposed in the Ashley Madison hack. “Generally they’re less well protected than private databases,” Dr McIntyre said.
He noted the Ashley Madison material had been made available first on the so-called “dark web” - parts of the internet not readily accessible to ordinary users.
This was a “simple tactic” whereby hackers would make material available initially via a dark web source, knowing it could not be traced back to them, but that once it was available it would be disseminated widely.
Dr McIntyre said anyone with a computer, an internet connection and a couple of hours to spare could download “literally the entirety of the user database” and apparently all the internal communications of the company as well.
He said that with more information being leaked it was possible to pin down the locations from which people registered and the names of the organisations they registered from.