On Tuesday, hackers revealed the personal information of millions of users of infidelity site Ashley Madison. The hackers, who go by Impact Team, stole the user database back in July and demanded Ashley Madison, as well as sister site Established Men, be taken offline; failure to comply, they threatened, would result in the release of user data.
In a statement released with that data, which went online with a note that said “Time’s Up!”, Impact Team said Avid Life Media, the Toronto-based company that owns both sites, had “failed”: “We have explained the fraud, deceit and stupidity of ALM, and their members. Now everyone gets to see their data.”
The data dump is 9.7 gigabytes in size and allegedly contains over 35 million email addresses. That’s 33 million accounts — names, addresses, and every single credit card transaction those users made from the past seven years. It could be a fake, but Ashley Madison confirmed a “criminal intrusion” last month, and some users have claimed to spot their own accounts in the leak.
Ashley Madison’s statement, posted Tuesday to its media site, reports that the company is “actively monitoring and investigating this situation to determine the validity of any information posted online,” citing an ongoing investigation with Canadian law enforcement that has been underway since the July attack. It goes on:
This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.
The personal user information, while released, is still in raw form and lives on the dark web, accessible through the Tor browser only, so we’re not quite at the stage of anybody being able to Google the name of their spouse and be confronted with an Ashley Madison account. But 4chan users — you may remember them from their role in leaking images from the celebrity photo hack — are reportedly in the process of digging through that data and posting what they find online. So that ability for even the techno-novices to search and destroy the privacy of whomever they choose is likely not far away.
How much will this hack cost the individuals it exposes? It’s likely unquantifiable. The personal cost, even in a best-case adultery scenario — a spouse-sanctioned extra-marital affair — is impossible to measure.
After all, these names will live, as all digital paraphernalia does (even the kind that is designed to burn itself after reading), for an internet eternity. This information, once public, could come up in every future job interview, every background check. And that’s just the professional realm; what about kids Googling their parents, or vice versa? And what about public figures; should this information, illegally acquired but readily available, be fair game in media interviews?
The Impact Team notice that accompanied the leak told outed users to direct their outrage at Avid Life Media, “Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.” Really? Can you “get over” a scarlet letter that the internet tattoos on you?
Now is probably a good time to allow for the fact that the founder of Ashley Madison, Noel Biderman, does not exactly have the most endearing public image on the planet. Ashley Madison’s slogan: “Life is short. Have an affair.” It is very, very easy to sit back and watch karma work its magic on people who thought they could get away with having their wedding cake and eating it too.
There’s an element of glee at this Ashley Madison hack, the idea that the cheaters are getting what they deserve. Bookies are in on the action, taking bets for “who might be nabbed for a naughty night under the sheets.” Like everyone in the world can be sorted “victims” and “people who deserve whatever’s coming to them.”
The Ashley Madison hack is the latest high-profile attack on private user data, a series that will, someday, be grouped together in history books. The Sony hack, the celebrity photo hack, the hack of government computers just last month that exposed 21.5 million people, the hack of Target that cost as many as 110 million people their consumer data. We know it is impossible to traverse the internet without leaving behind a trail of personal information, like Hansel and Gretel’s bread crumbs. Even the experts cannot hide the intimate details of their lives from the internet.
The victims of that first trio of hacks — Sony, celebrity, Ashley Madison — are all entities that, historically, we as a society feel entitled to judge: Hollywood power brokers, women behaving in a sexual way, adulterers. But the fundamental narrative here, for every digital hack, is the same: They relied on a technological infrastructure to protect their personal information, that infrastructure failed them, and it is they — not the infrastructure, but the individuals who were failed — who will have to live with the potentially life-upending fallout.
There are plenty of people who respond to this new normal with a tossed off, “I don’t care, I don’t have anything to hide.” This is absurd on so many levels, the most obvious being, surely you do not want anyone on Earth to know your social security number, credit card information, home address, et. cetera. The digital landscape forces us into a binary: Privacy or exposure. And since our internet overlords have deemed privacy “no longer a social norm,” online citizens don’t have much of a choice at all. The negotiation becomes one between staying off the internet entirely or accepting that anything there is to know about you can be known by anyone. And not just everything, but everything, all at once.
The idea of having “nothing to hide” also relies on the assumption that your definition of “nothing” aligns with society’s ideas about what is and is not acceptable behavior. Which brings us back to Ashley Madison.
Maybe you don’t think there’s anything wrong, for instance, with belonging to Ashley Madison. Because you have your reasons, because your marriage is no one else’s business — because, as Dan Savage argues, “sometimes a discreet affair saves a marriage that should be saved.” — but that doesn’t mean you (a) want everyone with an IP address to know what you’re up to or (b) that you can control how that private choice will be perceived in public, or that you can protect yourself against a judgment with which you very well may not agree.
It’s all very, “First they came for the naked female celebrities, and I didn’t speak up, because I wasn’t a naked female celebrity. Then they came for the cheaters…”
As Kashmir Hill writes at Fusion, “With each big hack… I keep thinking it is going to be the momentous event that makes us rethink privacy in the digital age.”
What is going to be the watershed hack? Or did we already miss it?