Ashley Madison is a site that few people have much respect for given that their primary purpose is to arrange extra-marital affairs.
Despite not doing anything illegal, the idea of the site is morally repugnant to many, but not enough to stop 37 million users regularly visiting it. They are the same 37 million users who have had their details hacked in what some believe to be the most intimate and potentially damaging hack in history.
The reason for this being so damaging is simple, money can be replaced, but marriages and broken relationships cannot.
In what Ashley Madison believe to have been an inside job, the site was targeted by a group called ‘The Impact Team’ who have so far released 40mb of data, including credit card details of some users, as well as internal documents from Avid Life Media (the owner of Ashley Madison).
One of the strangest aspects of the hack is that they are now holding the data to ransom, demanding that the site is totally shut down. The main reasoning is an administration charge of £15/$19 to complete a ‘full delete’ of a user's information should they decide to leave the site. The hackers claim that this is not done as ‘Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed’.
This means that the only real information held on them after this paid delete, is the same information that can identify them most easily. However, this combined with much of the other information contained on the site, such as sexual fantasies, mean that the potential loss of money from credit card fraud pales in comparison to the embarrassment and potential destruction of family that the connected information may bring. This initial leak of data, which would be the main loss for most companies, is actually the lesser of two evils in this case.
It also throws up the interesting point that should this be an inside job, it would be another example of data security needing to be taken beyond the limits of technology. The Verizon 2015 Data Breach Investigation Report showed that one of the most common causes of data loss was human error or deliberate action. It shows that data security is as much about the security of the individual than the security of the systems that they use. Presently companies are not doing enough to vet their employees and contractors.
From the various comments from around the web about the hack, many believe that these ‘cheaters’ should have their information released. However, with 37 million records on the site and the vast majority being in the US, it could be that as many as 1 in 5 married couples are involved. Therefore, whereas previous data hacks may have seen millions calling insurance companies to rectify the situation, this could see this number called divorce lawyers instead.