Cheating on your spouse used to be so much easier. Okay, that’s the last joke I'll make about the Ashley Madison hack – the latest news is too frightening to make light of. The report that the long-rumored release of data on more than 32 million people should scare everyone, whether they have ever been on the site (whose slogan is “Life is short. Have an affair”) or not.
From The Guardian:
The 10 gigabyte database file was released on BitTorrent and the dark web on Tuesday night and includes email and postal addresses, user descriptions, weight and height, encrypted passwords, partial credit card numbers and transaction details.
While information can be faked on the site, this looks to be real and has been independently confirmed by several parties.
The hackers, who called themselves Impact Team and stole the user database in an attack in July, demanded that Ashley Madison and its sister site Established Men, both owned by Toronto-based Avid Life Media, be taken offline, threatening to release the personal information in 30 days if their conditions were not met.
So what’s the context here? This is certainly not the first-ever big hack. EBay, Target, the healthcare company Anthem, have all been hit, though much of the information revealed was not often life-changing. The hack of Sony Pictures, which made public information on thousands of employees and led to the departure of well-regarded studio head Amy Pascal because of racially insensitive emails, had very serious consequences for a relatively small group. Several high-profile female celebrities, including Jennifer Lawrence, were targeted in a nude-photo hack-and-leak last fall, and while terrible, the crime wasn't widespread.
But the Ashley Madison hack and subsequent info dump reveals millions of people to be involved in adulterous relationships. Maybe they should have known this was possible before they a) chose to have an affair and b) signed up with a company whose business plan is based on profiting from people’s faltering marriages. Still, there will be nasty fallout for the families involved, and it shows just how bogus many claims of “Internet security” really are.
If you go on the Ashley Madison site right now, you see not only the image of an attractive married woman (wedding ring) swearing you to secrecy (finger over lush, pursed lips) but the description of “Over 38,920,000 anonymous members!” You also get a row of boasts -- “Trusted Security Award,” “100% DISCREET SERVICE,” “SSL Secure Site” – that are now a bit hard to take seriously. Presumably the site knew that security was crucial and worked hard to get it right. If a successful company dedicated to secrecy can be hacked, who can't be?
But while the arrogance of Ashley Madison (the site has condemned the hackers as criminals and moralistic killjoys it claims it will find and destroy) is a bit unpleasant, it’s the larger sense of insecurity that sticks with even those of us who aren't customers of the site.
Some of the smartest takes on this mess come from the site the Awl, where John Herrman has posted a list of implications:
We associate the cost of hacks mostly with identity theft and financial loss, from which most victims are pretty well insulated. Target assessed the cost of that hack at $148 million; outside financial institutions added another $200 million to that figure. You may know someone affected by that hack, but the resulting damages were likely mostly absorbed by their bank or credit card company. It was unsettling, yes, but it wasn’t widely ruinous.
This, on the other hand, is basically unprecedented? Most leaks of this size don’t implicate people in anything aside from patronizing major companies. This is new territory in terms of personal cost. The Ashley Madison hack is in some ways the first large scale real hack, in the popular, your-secrets-are-now-public sense of the word. It is plausible—likely?—that you will know someone in or affected by this dump.
Apparently there are thousands of addresses of government and military figures in the U.S. and UK. (People all over the world use the site.) It probably won’t take long before famous people and public officials begin the cycle of denial and eventual admission when their information becomes public. (A British Member of Parliament, Michelle Thomson, has just announced that her name is on the list but that she’s had no contact with the site. Who knows? It’s easy to steal an email and register.)
So who do we fault? There’s a lot of blame to go around here: It’s hard to feel too much sympathy for people who keep marriage-wrecking relationships secret from their spouses. It’s even more difficult to defend a business dedicated to making money off it. And it’s almost as difficult to feel warmly toward hackers who open the door to public ridicule and the destruction of families. Whole college classes on marriage and morality will be taught on this some day.
And just as Ashley Madison profited from the rash of unstable marriages around the world, so Internet security firms promising to keep you from having your data exposed could find themselves benefiting mightily from this. And hence an existing arms race between hackers and security firms could go into overdrive.
What will long-term fallout be? As the damage and consequences are gradually chronicled, it’s still hard to say. But whatever your marital status, you woke up today to a new world.