
There’s this German word I love: Schadenfreude. It’s one of those weird words that doesn’t really have a direct English translation, but it roughly means taking joy at other people’s misfortune. It basically describes how I feel about what’s been happening to Ashley Madison recently.

Ashley Madison, for those not in the know, is a dating site that focused on facilitating extra-marital affairs. It can be thought of as the Facebook of philandering, with over 37 million registered, adulterous users. As is so often the case with dating websites, the overwhelming majority of their subscribers (between 90 and 95 percent) were men.


Here’s where the schadenfreude kicks in. They were recently hacked by Impact Team – an otherwise unknown band of hackers – who threatened to leak their entire database unless the cheating website (and companion sites Established Men and Cougar Life) was shut down.

Avid Life Media, who own Ashley Madison, refused to comply. Earlier this morning, 9GB of data from the site was dumped onto a Tor darknet website. It contained everything. Not just usernames and emails, but also internal emails, corporate documents, sexual preferences, biographical data, and even GPS locations. Ouch.


If you were caught up in the Ashley Madison leak, allow me to express a sincere and Nelson Muntz-like haw haw. I must admit, I’m not terribly sympathetic. But still, as a security writer I feel obliged to tell you a few things.

Change Your Passwords

Ashley Madison were thoroughly and utterly owned. There’s no escaping that. But I should give them credit for having some pretty sensible security procedures.

Passwords in particular were hashed using bcrypt, one of the most secure one-way hashing algorithms. It was nice to see they weren’t storing passwords in plaintext, or using the near-useless MD5 hashing algorithm.


The amount of sheer computational power required to break a bcrypt password is immense. That means if you used a secure, complex password, the odds of it being cracked are relatively slim. But if you use a common or weak password, you should expect your password to soon become public knowledge.

Either way, you’d be advised to change your passwords on any sites where you used your Ashley Madison password and never use it again.
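The point above, that a slow salted hash protects a strong password but not a common one, shown as an added example (not code from the original article or from Ashley Madison). PBKDF2 from Python's standard library stands in for bcrypt here; the iteration count, deny list and the two accounts are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this demo. bcrypt's equivalent knob is its cost
# parameter; raising it makes every single guess more expensive.
ITERATIONS = 50_000

# Constructed deny list. A real one would hold the most common leaked passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "ashley"]


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, digest) for storage; the salt is per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def audit_weak(records, deny_list=COMMON_PASSWORDS):
    """Defender-side audit: list users whose stored hash matches a deny-listed
    password. The slow hash only multiplies the cost per guess, so a password
    on a short list is found after a handful of guesses regardless."""
    return sorted(
        user
        for user, record in records.items()
        if any(verify_password(guess, record) for guess in deny_list)
    )


def is_acceptable(password, deny_list=COMMON_PASSWORDS, min_length=12):
    """Check to run when a password is set, before it is ever hashed."""
    return len(password) >= min_length and password.lower() not in deny_list


def build_demo_records():
    """Constructed accounts: one common password, one long random one."""
    return {
        "alice": hash_password("password"),
        "bob": hash_password("T7#rv!qLp2zW-9xKd"),
    }


if __name__ == "__main__":
    records = build_demo_records()
    print("accounts to force-reset:", audit_weak(records))
    print("'password' acceptable?", is_acceptable("password"))
```
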

Think About Credit Cards

Included in the data dump were records of financial transactions dating back to 2007. These included names, street addresses, emails, amounts paid, but not entire credit card numbers. Each of these records contains a four-digit number that’s largely assumed to be either a transaction code, or the last four digits of a credit card number.

This in itself isn’t that much of a problem. There’s not a lot you can do with the last four digits of a credit card. But some companies do allow you to verify your identity with it.


You might remember in 2012 when Wired columnist Mat Honan had his entire digital life eviscerated. Everything from his Apple mail, to his Google accounts. Even his MacBook and iPhone were remotely wiped.

This was made possible because Apple allowed people to authenticate with only the billing address, and the last four digits of a registered credit card.

It might be a bit paranoid. Hell, I’ve often been accused of being such. But if I got caught up in the Ashley Madison hack, I’d immediately cancel my card, and disassociate it from any of my online accounts.

Expect To Be Punished

Here, I really want to stress something. If you were caught up in the Ashley Madison hack, you should realize that private, intimate details about your life and sexual preferences have been made public. What was once personal is now open for the world to see. That’s just something you have to deal with.

It’s worth pointing out that when dating websites have been hacked in the past, it then resulted in the users being vigorously and thoroughly trolled, and their digital lives being flipped upside down.

When 4chan denizens hacked an unnamed Christian social network in 2009, they were able to make off with emails and passwords. These were then used to gain access to Facebook accounts, where the hackers then posted obscene, racist or lewd messages to embarrass the owners.

I didn’t agree with that then, and I wouldn’t agree with it now. That said, I wouldn’t be remotely surprised if something similar happened this time.

According to CSO Online, about 14,000 US government and military emails were found in the dump. British daily The Telegraph has said there were scores of .gov.uk emails. If you were one of them, don’t be surprised if you get in hot water with your employers.

By now, odds are pretty high that there are some tabloid hacks sifting through the leaked dump, probably with the help of someone who knows SQL. They’ll be looking for celebrities and politicians. If you are a public figure and used Ashley Madison, you can pretty much expect to be thoroughly and publicly disgraced.

Although, as we recently saw with Gawker, that’s probably not a good thing.

As anyone who’s read Jon Ronson’s magnificent So You’ve Been Publicly Shamed (or, for that matter, watched his latest TED talk) knows, we all share an incredible capacity for collective outrage and public shaming.

Start Making Amends

If you were on Ashley Madison, it’s safe to say you’re probably in a bit of hot water at home. That’s bad news for you, but great news for a few other people:

Firstly, you should apologize. If your significant other isn’t speaking to you, perhaps send her an emailed apology. Maybe you could take a leaf from Robin Thicke’s book and write her an entire album.

Flowers are a safe bet, too. You probably won’t be able to afford 1-800 Flowers’s Ashley Madison package, but you can still send a thoughtful bouquet and card from your iPhone.


If that doesn’t work and you have to move out of the house for a few days, check out these 10 hotel search engines.

It’s Going To Get Messier

At the time of writing, the Ashley Madison dump has been online for about 12 hours. It’s still very early days. I predict that in the week to come, we’ll see a lot more public embarrassment. A lot more marriages ended, and careers disrupted. It’s going to get messy, indeed.

Already, we’ve seen sites that facilitate access to the leaked data. There’s ashmadlookup.com, which simply confirms whether an email was in the database.


There’s also haveibeenpwned.com, who are taking a slightly different approach. Here, the data is only accessible for those who have verified their email address with them, due to the incredibly sensitive nature of the data.

So, what advice does Impact Team have for you?

“Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”

You can’t argue with that. Ashley Madison systematically failed to protect their customers. I don’t doubt they’ll find themselves in court in the months to come.

Over To You

Were you impacted by the Ashley Madison breach? Do you know someone who was? Want to talk about it? Drop me a comment below, and we’ll chat.

Photo Credits: Keys on Keyboard (Intel Free Press), How Many Credit Cards Should I Have? (Mighty Travels)

  1. Mihir Patkar
    August 30, 2015 at 2:15 pm

    I don't really have a problem with the article's base premise, but I do question the advice later, especially since the earlier security-related advice seems logical. Emailed apology? Flowers? Check into hotel rooms? You're talking about two people's lives here and being far too frivolous about it. The article was great till that part.

    • Matthew Hughes
      August 30, 2015 at 2:19 pm

      Maybe I'm just callous, but I really don't care.

      Yeah, I'm talking about people's lives. But the woman (Ashley Madison was almost entirely male) will almost certainly be better off with someone who knows the meaning of the word "fidelity", and the guy is a scumbag for cheating.

      • Mihir Patkar
        August 30, 2015 at 2:24 pm

        If you're callous and you really don't care, maybe you aren't the right person to give advice about something where you acknowledge you're callous and don't care.

        Be a security advisor, which you did well. Don't be a relationship counsellor.

    • Matthew Hughes
      August 30, 2015 at 2:25 pm

      Yeah, but it was obvious my tongue was in my cheek here.

      I wasn't actually giving relationship advice. Like you said, I was being frivolous. Flippant, even.

      • Mihir Patkar
        August 30, 2015 at 2:37 pm

        It doesn't really seem necessary to the article, is my point. I can see why one throwaway line would be worth it. To have a whole section, with 4 paragraphs, two photos, one tweet, and one video, seems "far too" frivolous, not just frivolous/flippant/callous/adjective.

        My larger point is, it's fun to sit in judgement, but there are different avenues to express those. I'm all for you voicing these opinions on your personal Twitter/blog/FB. I did too. I chuckled through some of the snipes and cracks in the early paragraphs because, like with a well-written monologue, it delivered an important message with a dose of humour.

        But that entire "What you should do" was wholly unnecessary in what is, till then, a solid article. As someone who shares your opinion about cheating being incredibly assholic, it was disappointing to see you demean the gravity of the situation.

        Some of those families might have kids involved. Some might have extreme financial problems, or several other reasons where a split isn't possible. The victim (for lack of a better term) knows that being with someone who will honour fidelity is better, but there can be a lot of reasons due to which splitting up isn't an option.

        My biggest problem is this: Ashley Madison trivialized infidelity and made it frivolous. Unfortunately, that's what you did with that section too, imo.

  2. dinika saxena
    August 25, 2015 at 6:00 pm

    Looks like the divorce rate is going to skyrocket this year.

    This is kind of like Cersei Lannister's walk of shame - what happened is certainly wrong, but I'm not so sure I feel sorry for the victims.

    • Matthew Hughes
      August 30, 2015 at 1:07 pm

      Nope. I'm not terribly sympathetic, either.

  3. Zanes Zoo
    August 22, 2015 at 12:22 am

    You say you are a security writer and "But I should give them credit for having some pretty sensible security procedures." which would indicate that AM was doing things fairly well (obviously not well enough especially after finding out they were a target of the Action Team). Yet you seem to have no sympathy for AM or their customers which is confirmed when you said "If you were caught up in the Ashley Madison leak, allow me to express a sincere and Nelson Muntz-like haw haw. I must admit, I’m not terribly sympathetic." Nice.

    And then you say
    "You can’t argue with that." to the Impact Team's "Learn your lesson and make amends".

    Sorry, I can argue with that.

    The Impact Team went way out of their way to get into other people's business and expose that to the entire world. To my mind, that is so much worse than what probably 90% of the AM customers were up to.

    And, in this day & age, people won't be able to just "get over it" as the team directs since the info will be on the internet and it is possible that every potential employer or friend or date will search these people's names and be shown articles that say they were AM customers back in 2015.

    As a security writer you should focus on the technology rather than glaze over it and you should be outraged about the hack. Most of your advice to AM customers was condescending.

    The tone of this article has obviously left a foul taste in my mouth. All I can say is I think I'd rather go for coffee with any of the AM customers rather than this writer. The writer has taken the same attitude to the AM users as the Action Team has taken. (I say, keep the attitude inside your own church on Sundays.)

    I am not an AM client and happen to be faithful to my spouse but I am finding so many people enjoying their Schadenfreude at the expense of average, normal, people who had the misfortune of having a website they joined being hacked by holier-than-thou a-holes. The penalty they will each pay is pretty harsh compared to their "sins" or compared to the penalty paid by 99.99% of the people through history who have, or wanted to have, done the same sin.

    • Matthew Hughes
      August 30, 2015 at 1:14 pm

      > "which would indicate that AM was doing things fairly well"

      Actually, no. Put it in context in which the sentence was written. I was talking about the fact they didn't save their passwords in plaintext, or in some other ludicrously weak format.

      > "As a security writer you should focus on the technology rather than glaze over it and you should be outraged about the hack."

      Thanks for telling me how to do my job.

    • Mark
      December 12, 2015 at 6:04 pm

      This comment is ridiculous. You focus on a hack team that exposed cheaters, instead of the real issue at hand.

      "normal, people who had the misfortune of having a website they joined being hacked"

      a misfortune? really? You actually believe they "accidentally" joined a website the sole purpose of which is to find "a mate" to cheat with? Jeez... if their email just happened to be there, it cause them to issues as they would easily prove it to their loved ones.

      You do realize this business was created specifically to make as much money as possible on infidelity. The more infidelity there is, the more money they make. Even their headline incentivized people to cheat: "Life is too short. Have an affair." Wow, just wow.

      AM knew about the hack and refused to shut down. Why? Because they could care less about their clients. Because they know there would still be some who wouldn't know about the hack who would gladly pay them to use the service. This is a very sad premise to start and run a business.

      And most importantly, even though they could, hackers didn't demand ransom from subscribers. All they asked for was to shut down a service that promotes and incentivizes cheating....

      Moral of the story: do not cheat! and if you can't, don't get married. simple as that. really. And any legitimate company would have not only prevented this hack, but also made sure their clients didn't have to suffer the consequences.

  4. fcd76218
    August 21, 2015 at 1:05 pm

    Before engaging in holier-than-thou condemnation of alleged Ashley Madison clients, you should read Guy McDowell's article on Internet Mob Justice.

    I see that your favorite physical exercise is jumping to conclusions. It seems that quite a few email addresses were in the Ashley Madison database without their owner's knowledge, meaning that they WERE NOT clients/philanderers. Security experts still have not established the veracity of the hack.

    As a security writer you should be very concerned about what the Ashley Madison hack means to the rest of the Internet. Which site is next? What group with an ax to grind will be the next to expose millions of people to public shaming? Earth Liberation Front? Animal Liberation Front? The jihadists? GreenPeace? Is your life so free of skeletons that it can stand the scrutiny by any and all wacko groups out in the wild? Actually, it does not matter. Your name, rank and serial number could be stolen and included on a hit list just to make it larger.
    BTW - have you checked whether any of your email addresses are among the 9GB of data dumped unto the darknet?

    • Matthew Hughes
      August 30, 2015 at 1:09 pm

      > "I see that your favorite physical exercise is jumping to conclusions."

      Actually, it's Crossfit.

      > "BTW – have you checked whether any of your email addresses are among the 9GB of data dumped unto the darknet?"

      No, I used a burner email. I mean... Wait... What?

  5. Jeffrey Barber
    August 21, 2015 at 1:16 am

    If you are married you have made a vow to your spouse, to be faithful (In Christian terms that means the ONE and only). Single men or women, well maybe. It's still pretty risky to have multiple sexual partners, diseases and all. Come on there's still Hepatitis C etc see here. http://www.cdc.gov/std/

    • Matthew Hughes
      August 30, 2015 at 1:08 pm

      I don't think monogamy is limited to Christians. I'm an atheist, and I find cheaters (and Ashley Madison) absolutely disgusting.

  6. youmichaelmouse
    August 21, 2015 at 12:38 am

    Why would liberals have a problem with cheating? No Rules! If it feels good, well you get the idea.

    • Matthew Hughes
      August 30, 2015 at 1:07 pm

      I... Don't think you know what a liberal is.

      • youmichaelmouse
        August 30, 2015 at 3:41 pm

        I'm speaking about their practices, how they come across to the world in everyday life in the news media esp. i.e. I do know that.

  7. Jeff C
    August 20, 2015 at 9:58 pm

    Since I recently found out that there is an extra-marital affair dating site that is actually run by a Private Investigator this is going to become more interesting.

    I'm not a cheater.
    I have been cheated on.
    I'm only a little conflicted about this, on the one hand it's like shining a light on cockroaches, on the other hand another blow to the illusion that there is still such a thing as privacy.

  8. Jon Green
    August 20, 2015 at 10:35 am

    Like the author, I feel morally split by this. On the one hand, the site's whole ethos is reprehensible. So are the majority of its users (although, to be fair, some of them may be in open partnerships, using Ashley Madison with the full knowledge and support of their partners). But something deeply private and personal has been made public, for millions of people, for the sake of making a point - and that was more reprehensible still. It's the hackers who emerge from this with the lowest moral standing, I feel. The same could have been achieved - if it had to be achieved at all - with a much smaller release of data.

    I have no doubt whatsoever that this signals the commercial end of Ashley Madison. No-one's going to use them again, and the class-action impact will be financially lethal. But all that really does is to open the market to competitors, to fill the gap they left.

    Nothing will change, except for 74 million lives.

  9. Paul Seymour
    August 19, 2015 at 6:03 pm

    I love how the wide paint brush has been applied here that everyone who uses Ashley Madison were all adulterous. Let's not even discuss that there were a large contingent of folks who used the site to have one-offs with other singles without a full relationship (so as to avoid those on "other" sites), and people in open relationships.

    Way to assume. Good journalism.
