10 Ashley Madison Hack Facts - WMNews Ep. 42

10 Ashley Madison Hack Facts - WMNews Ep. 42

#10: What Is Ashley Madison?
The Company

Ashley Madison is a social networking website, created for people who are married or are in a committed relationship, but are looking for extramarital arrangements. Active since 2001, the Canada-based company runs with the slogan, ‘Life is short. Have an affair,’ and it offers an until-recently ‘discreet’ dating service. As of August 2015, the website had close to 40 million user subscriptions, and attracted more than 124 million visits per month. According to web analytics company SimilarWeb, Ashley Madison is ranked #18 among adult sites.

#9: Who Uses Ashley Madison?
The Users

The majority of Ashley Madison users are male - with around seven male members out of ten. Because of the imbalance, the company has been known to use computer-generated female ‘profiles’ as a way of making the site appear more attractive, and potentially effective, to the male market. In terms of more specific patterns, research shows that the Canadian city of Ottawa is especially receptive to the site, with around 189,000 users - roughly one in five of its population. Capital cities in general appear more Ashley Madison-friendly, with Washington DC, Berlin, Oslo and Athens all topping their country’s respective per capita statistics.

#8: What Is the Ashley Madison Data Breach?
The Hack

The hack occurred in July 2015, and was staged by an until-then unheard of group known as ‘The Impact Team.’ Essentially, the Impact Team got beyond Ashley Madison’s online security, and gained access to the personal information of its users, past and present. The information included full names, email addresses, home addresses, some credit card details, and in some instances, information on a user’s sexual preferences. In all, around 60 gigabytes of data was successfully stolen by a group that’s been described as having a stronger technical skill set than most.

#7: What Did the Hackers Threaten to Do?
The Publication

Once they obtained the information, the hackers threatened to publish it online, unless Ashley Madison and its partner site, ‘Established Men,’ were shut down. When this didn’t happen, the Impact Team followed through on their promise, publishing a list of customer names on August 18th and August 20th, 2015. The move was essentially an exercise in publicly outing and shaming Ashley Madison users on an international scale, placing especially high profile customers, such as politicians or celebrities, in a particularly vulnerable position. For example, Josh Duggar, husband and father of four from the popular TLC TV show ‘19 Kids and Counting’ was found to have two paid subscriptions on the site. However, the repercussions go further still in some countries. Reports suggest that among the leaked database there are over 1000 .sa Saudi Arabian email addresses - and in Saudi Arabia adultery can be punishable by death.

#6: Can You Hide Your Information?
The Revelations

One of the major talking points surrounding the story is that within the leaked information, there were account details of users who had previously paid to have their accounts removed. For any Ashley Madison user who didn’t want to remain a member of the site, there was an option to have your account and data deleted for $19. However, the hack exposed the reality that ‘deleted data’ is never actually deleted at all - despite the service earning Ashley Madison a reported $2 million in 2014 alone. In terms of the individual, it seems all but impossible to hide your information at present. However, it is possible to find out whether you have (or have not) been hacked - there are plenty of websites running such a service.

#5: Can You Find Out If Your Partner Cheated?
The Search

Third party companies designed to determine whether any email address has been compromised saw their web traffic rapidly grow ever since the first suggestions that Ashley Madison had been hacked. However, while services such as ‘Trustify’ and ‘have I been pwned?’ can offer peace of mind to any potential victim, they can also provide any suspicious spouse with a means of finding out whether their partner has cheated - or at least whether their partner has subscribed to a website marketed to would-be-cheaters. However, should an email address be listed as belonging to an Ashley Madison account, it’s important to remember that the site does not run especially stringent membership verification processes. In theory, it’s relatively simple to set-up an account for a fake email address, or for one that doesn’t belong to you. For example, included within the 2015 data dump is a false email address designed to appear as though it’s linked to former UK Prime Minister, Tony Blair.

#4: Has This Happened Before?
The Fappening [aka Celebgate]

Large-scale hacking and publishing such as this has become relatively commonplace within the modern world. On August 31st, 2014, the ‘celebgate’ storm of Apple’s iCloud services received massive media attention. The obtaining and publication of over 500 personal photographs (many of which contained nudity) of major celebrities and personalities was criticized then as a huge invasion of privacy. Eventually, there were two more batch releases of private photos and videos of celebrities. For many commentators, the Ashley Madison breach falls within a similar category.

#3: Has This Happened Before? Part II
The Adult FriendFinder

There are recent instances that relate even closer to The Impact Team’s actions, however. Adult Friend Finder is another adult social networking website, on which users can communicate and arrange sexual encounters - although there is less of a direct focus on committed couples and the idea of adultery. In May 2015, the site’s security was breached and over 3.5 million account details were stolen. A smaller-scale attack, given the site’s 64 million strong membership, the effects upon the victims are entirely similar. In the best-case scenario: embarrassment. Worst case: identity theft, credit card fraud and potential blackmail.

#2: How Has Ashley Madison Responded?
The Investigation

Avid Life Media, the company that runs Ashley Madison, has staggered its own response to the hack in tune with developments, and has sought legal action against those behind it - despite the difficulty in actually identifying them. Initially, the Ashley Madison chief executive indicated that they believed they were on the cusp of catching the hacker, suggesting that the breach was an ‘inside job.’ ‘I’ve got their profile right in front of me,’ said Noel Biderman (beederman), ‘It was definitely a person here that was not an employee but certainly had touched our technical services.’ However, efforts to locate any individual by mid-August 2015 had yielded little, with subsequent Ashley Madison statements serving more as a reassurance that the company was doing all within their power to resolve the issue. ‘We immediately launched a full investigation,’ began one such statement, ‘...Utilizing independent forensic experts and other security professionals.’ ‘Our investigation is still ongoing,’ it continued, ‘...And we are simultaneously cooperating fully with law enforcement investigations.’

#1: Could This Hack Ruin the Company?
The Future

Financially, this could prove extremely costly for Ashley Madison. As of mid-August 2015, two Canadian law firms had launched a class action lawsuit against the company to the tune of $578 million. Regardless, the company will likely be hardest hit in terms of its reputation. The hack will undoubtedly result in the majority of members losing faith in the service, and the majority of those previously thinking about signing up, deciding not to do so. In the weeks following the hack, two suicides occurred – though a potential link had yet to be confirmed – and multiple extortion attempts on Ashley Madison users had been reported. Furthermore, the revelations could also have a negative impact for other morally questionable, adult websites, now that the risks are known. Whether you see the Impact Team as especially effective ‘hacktivists’ or as some form of ‘cyber terrorists,’ the group behind the breach seems to sum up the situation best. Upon first publishing the stolen data, they signed with the message, ‘Too bad for ALM, you promised secrecy but didn’t deliver.’

Did these facts surprise you? To vote for which news story is covered next head over to WatchMojo.com/suggest, and be sure to hit that subscribe button for more newsworthy top tens published every week!