The public release of roughly 33 million people's personal information from cheating site Ashley Madison on Tuesday, while likely mortifying for the outed users, is more than just an act of public shaming. It's a very real security threat.
With the information made public, hackers can and likely will leverage the database to get into other password-protected sites and systems.
And since the Ashley Madison data dump also included thousands of government email addresses, criminals now have access to personal information about military and intelligence officials.
The technique is simple but effective: Many websites allow users to access restricted areas without a password if they can provide multiple pieces of personal information to verify their identity. Using a database like the one from Ashley Madison, stitched together with some of the countless other databases of stolen information that are easily accessible on the dark corners of the Internet, a hacker can assemble a fairly complete snapshot of an Internet user's profile that can then be used to bypass security steps on a website or computer system.
That's likely how Russian hackers gained entry into more than 300,000 U.S. taxpayers' records on the Internal Revenue Service website earlier this year. The intruders accurately answered identity-based questions about those taxpayers to gain access to their tax history and IRS transcripts, and used that information to file more than $50 million in fraudulent tax returns.