Updated: August 26, 2015 8:58:11 am
What is the Ashley Madison website?
AshleyMadison.com is a website for married people, or people in a committed relationship, looking to cheat on their spouses or partners. Their tagline is ‘Life is short. Have an affair’. AshleyMadison.com has been around since 2001, and claims to have 37 million users. It’s been very successful, with revenues of $ 115 million in 2014, up 45% from 2013. AshleyMadison.com is owned by Toronto-based Avid Life Media (ALM), which also owns specialised dating sites Cougar Life (for older women seeking flings with younger men) and Established Men (for rich men wanting to hook up with single girls).
On July 15, it was reported that hackers from a group called Impact Team had stolen data from the Ashley Madison site, and were threatening to post it online. Last week, the hackers posted this data on the Dark Web.
Why did the Impact Team target ALM?
Impact Team are a group of anonymous hackers who say that the Ashley Madison site was encouraging immoral behaviour, and did not deliver on its promise of privacy. They also wanted ALM to take down Established Men, which they said was essentially a prostitution ring that caters to rich men.
While hacking into the Ashley Madison site, the Impact Team wrote, “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online.”
Part of the reason for the hack also appears to be the $ 19 fee that Ashley Madison charges to delete user data. According to the Impact Team, ALM never really deleted the data, and cheated the cheats. In an interview to Motherboard.vice.com, the hackers have claimed they broke into ALM systems years ago.
How much data have they stolen? What’s in the dump?
On the day the hack was first reported, Impact Team had released snippets of data. The hackers claim they have 300 GB with them. In the first dump (August 18) they put out 9.7 GB, including email IDs, addresses, IP addresses, credit card information, and messages posted by users of the site.
On August 20, they put out another 20 GB, which had more of the same, including emails from the CEO of ALM Noel Biderman and the source code of the website.
A full breakdown of the email addresses used by Ashley Madison’s customers has been pasted on Pastebin. The list is organised on the basis of domain names. Over 15,000 accounts used a .mil or .gov address. The .mil addresses are a problem because in the US military, adultery is a punishable offence. The Associated Press reported that employees at the White House, Congress and law enforcement agencies were present on the site.
How much credit card data has been compromised?
It appears Ashley Madison did not store complete credit card information; only the last four digits of the card number were in its database. Credit card numbers are probably the easiest way to link back a piece of data to a customer, so this might be good news for users. However, ALM did save IP addresses of paid users for nearly five years, which meant that it is fairly easy to figure out who was using these accounts, and the AP did just that to identify individuals in government jobs who used the site from office computers.
What is the Dark Web? Why did the hackers release the data there?
The Dark Web is part of the deep web, and it is not something you can just type on your browser to open. Users need to run specific software, in some cases authorisation, to access these networks. In case of the ALM data, Impact Team used an Onion address, (referral to TOR’s Onion router network) which is accessible only through the TOR browser, to dump the data. The TOR browser lets users conceal their identity while browsing the Net. However, the data has made its way on to web sites, Pastebin, BitTorrent, etc.
Logging on to the dark web is risky for anyone who does not know exactly what they are doing. It is the part of the Internet where drugs, child pornography, too are sold.
Does ALM have customers in India?
It was said that Ashley Madison has over 2.7 lakh users in India. A map based on the leaked data has profiled users according to geographical location. According to this map, Delhi has over 38,600 users, Mumbai 32,888, Chennai around 16,000. Other Indian cities too are on the list. The map suggests the site was used mostly by women in India — which is surprising, because in other countries, it is mostly men who seem to have been using Ashley Madison. It is hard to confirm how many of these were genuine users of AshleyMadison.com, given that ALM did not verify email addresses of users. An email address in the database does not mean that someone was using the web site. How many of these India-based users were really active on the site is anyone’s guess.
What’s next for Ashley Madison customers?
In Canada, Ashley Madison is likely to face a class-action lawsuit worth $ 558 million from its users. More lawsuits could follow. Some users, especially those working in important positions, are already facing blackmail threats via email with demands for bitcoins. Canadian Police have said that the Ashley Madison breach might be responsible for some suicides that have taken place, although the claims are under investigation.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.