In July this year, a group of hackers claimed that Ashley Madison, a site designed to facilitate affairs between married individuals, retained users’ data even after they’d paid 19 dollars to have it completely scrubbed from the database. They released a small sample of the data they claimed to have stolen, and said they would release the rest of it if Avid Life Media, the owner of the site, didn’t take it (and its companion site, Established Men) down. Avid Life Media said it was a bluff, and Ashley Madison stayed up.
Today, a 10GB torrent file was released on the dark web with the following statement:
“Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95 per cent of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.
“Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”
A number of sources have claimed the validity of the data; Per Thorsheim, a security researcher, was able to confirm the validity of some of the details included in the dump (his own, from a profile he created while researching dodgy dating sites, and that of one of his sources). He was also able to verify that other information in the file matched up to users he’d viewed while investigating the site. Microsoft MVP for Developer Security Troy Hunt said that there are too many things in the file that couldn’t have been faked – or would have required an enormous amount of effort to fabricate.
While it would be easy to see the moral of this story as “don’t cheat on your spouse”, it also highlights just how careless people can be with handing over their personal data. 73% of people admit to not reading website terms and conditions before handing over their email address, if not their full name, date of birth and other valuable data. Of those who do read the terms, only 17% say they understand them.
When you’re signing up for an online product or service, you should ask yourself the following questions:
1. Why do they need the data I’m handing over?
2. What are they going to do with that data (including, but not limited to, how long will they be keeping it in their system)?
3. How would I feel if this data were released to the public (by the website, or one of its users)?
For the most part, handing over your credit card details to a website that’s planning to store them for future use (eg, ongoing automatic billing) isn’t a huge issue; if your card details get released, you cancel the card and hope you don’t end up out of pocket. If your name, date of birth, address and/or phone number are posted, you might run into some issues with stalkers or identity theft (the likelihood of that depends on your profession). If there’s something you don’t want your friends and family knowing about (your sexuality, gender identity, hobbies), think carefully about who’s on your friends list (because you never know who might take a screenshot), make sure you understand your intellectual property rights, and if you really don’t want anyone seeing your posts, messages or knowing you’ve bought a particular product or service…maybe it’s better to avoid it altogether.
Ashley Madison lied to its users, and asking for 19USD to completely scrub a user’s details (whether they did it or not) is very thinly veiled extortion. For the most part, asking yourself the above questions will help you keep your information safe online; particularly if you belong to a private social network, where you know the owners/moderators and can trust them to remove your data if you ask them to.