On the Ashley Madison Hack

[Content Note: Privacy violations.]

Ashley Madison, with the tagline "Life is short. Have an affair.", is a site that facilitates "discreet cheating" between married people. The site has reportedly been hacked, and 37 million users' information has been leaked online, including dating profiles with names, addresses, phone numbers, encrypted passwords, and credit card info. Ashley Madison disputes that the information is real, but experts say otherwise:

Several security researchers have been analysing the data and are suggesting that the database is real and contains the personal details of real Ashley Madison members.

"I've now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database," said Brian Krebs, who broke the news of the original hack.

Rob Graham, researcher from Errata security, said he was still analysing the leaked data but agreed that "it appears legit. I asked my Twitter followers for those who had created accounts. I have verified multiple users of the site, one of which was a throwaway account used only on the site. Assuming my followers aren't lying, this means the dump is confirmed."

...The 10 gigabyte database file was released on BitTorrent and the dark web on Tuesday night and includes email and postal addresses, user descriptions, weight and height, encrypted passwords, partial credit card numbers and transaction details.

The Guardian confirmed that the email address and details of a Guardian journalist who had used Ashley Madison as part of an investigation is in the database released on Tuesday night.

The hackers, who called themselves Impact Team and stole the user database in an attack in July, demanded that Ashley Madison and its sister site Established Men, both owned by Toronto-based Avid Life Media, be taken offline, threatening to release the personal information in 30 days if their conditions were not met.

"Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit and stupidity of ALM and their members. Now everyone gets to see their data," said Impact Team in a statement released with the Ashley Madison data.

Ashley Madison said: "This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities."

Irrespective of one's feelings about Ashley Madison's business or cheating spouses, there is no justification for this breathtaking breach of privacy. Lots of people may agree that cheating spouses are engaging in odious behavior, but if that's a rationale for stealing their private information and publicly posting it, then precious few of us are safe—because there are lots of people who object to lots of life choices on moral grounds. If that's the threshold—"I don't like your choices!"—then we're all in a world of trouble.

The hackers argue that they were motivated by Ashley Madison's shady business practices, and that their clientele was not the primary target but is just collateral damage. Which, frankly, is even more frightening, given that lots of banks and insurance companies and hospitals have objectionable business practices. If "expose for-profit monster corporations" is sufficient justification for grave breaches of privacy, we're all fucked.

Reading comments on articles about this hack has been quite, uh, interesting. It's pretty remarkable (and totally unsurprising) how many brave warriors of tech privacy apparently have principles that only go so far as "this amuses me and they deserve it."

Also fascinating? How many men believe that all women have no idea how the internet works. "Married women haven't even heard of the dark web" was a common refrain. O RLY? Well, I guess a bunch of dudes are about to find out.