It’s hard to feel sorry for those whose names and personal data have been posted online after hackers stole massive amounts of sensitive customer information from the infidelity website Ashley Madison.
But the hackers aren’t high-minded Robin Hoods or public-spirited activists who should be admired. A major crime has been committed that has the potential to ruin reputations and lives, many of them innocent.
It’s also a sharp reminder — yet again — that the Internet has no secrets, that Internet security is largely a myth. If you don’t want the world to know it, don’t put it online.
Ashley Madison might not be the sleaziest thing you can find on the Internet, but it’s certainly a contender. It’s a website, operated by Toronto-based Avid Life Media, for married people who want to cheat on their spouses. The company says its clients are mainly in North America (including, presumably, Victoria), but that it is expanding to other countries.
“Over 39,050,000 anonymous members!” boasts its website. Well, not any more. Claiming that the Ashley Madison website is a scam with thousands of fake female profiles, the hackers tried to pressure Avid Life Media into taking down the website, and when that didn’t happen, dumped details and log-ins for about 32 million users onto the “dark web,” the part of the Internet not reached by the usual search engines.
But that won’t stop the information from being spread around, and that spread has already begun.
The dumped files consist of millions of payment transactions, includes names, street addresses, email addresses and amounts paid, but apparently not credit-card numbers. One analysis showed about 15,000 .gov and .mil addresses from the U.S. The list shows 170 addresses associated with the Canadian Armed Forces and hundreds more from other federal departments and agencies.
This information prompted New York Times writer Jennifer Weiner to wonder about the intelligence and competence of certain public servants: “How, I ask you, can a country be great when its government workers aren’t smart enough to scurry over to the anonymous embrace of Hotmail and Yahoo when they want to cheat?”
That’s a questionable inference to draw, though. Ashley Madison does not require verification of identities or email addresses — there’s no way to know if members provided legitimate details. One user signed up as “[email protected],” but it’s highly doubtful the former British prime minister was availing himself of the website’s services — that email address is fake.
And therein lies potential for serious harm. Lives of innocent people could be ruined if their identities were used. And even someone using the site under his or her own name, while lacking in ethics and wisdom, would not be breaking the law.
Data-security analyst Brian Krebs, who exposed the Ashley Madison breach, says caution and sensitivity are required.
“There’s a very real chance that people are going to overreact,” he says. “I wouldn’t be surprised if we saw people taking their lives because of this, and obviously piling on with ridicule and trying to out people is not going to help the situation.”
While the Ashley Madison data breach is huge, it’s nothing new. In May, more than 3.5 million people had their sexual preferences, fetishes and secrets exposed after dating site Adult FriendFinder was hacked.
Much larger data breaches have happened over the past several years, jeopardizing the financial and personal information of hundreds of millions of people. Sometimes perpetrators are caught; sometimes they are not.
These crimes, often crossing international boundaries, are difficult to prosecute. You can’t always depend on governments to protect your personal information.
It’s a jungle out there. Look after yourself.
