It has now been a week since more than 30 million Ashley Madison users’ personal data was leaked online — their names, email addresses, physical descriptions and detailed sexual preferences splattered across the Web for all the world to gawk at.
From early divorce proceedings to unconfirmed suicides, from celebrity shaming to extortion attempts, the repercussions are already being felt. But we won’t have any real idea of the true human cost of the hack for years.
The hacker’s motivation is meaningless
The hack of Ashley Madison has been framed by its perpetrator as an act of retribution — punishing the company for lies it has allegedly told its customers. The hacker (or hackers), who call themselves The Impact Team, claim that the $US20 “Full Delete” service Ashley Madison offered was fake. Users pay the fee in return for having all information on them scrubbed from the site. Impact Team alleges that this is a lie, and that the company retains some information on users; Ashley Madison’s parent company Avid Life Media (ALM) denies this.
Whether or not the claim is true, it is the customers who are paying the price. CEO Noel Biderman’s emails are now available online for anyone to read, but whatever potential embarrassments are hidden within likely pale in comparison to the humiliation that Ashley Madison’s millions of customers will soon feel, or are already going through.
The list of victims grows longer by the day
One of the earliest headlines following the dump of user data was the discovery that there were around 15,000 US military and governmental email addresses included. Because users are not required to verify their email addresses upon signing up to Ashley Madison, many of these are certainly fake — but many of them will already be real. The US military has already confirmed it is investigating, and may be disciplining personnel who are discovered to be members. It’s not unreasonable to expect that other companies are also already scanning for employees.
Meanwhile, the “outing” of users is well underway. Politicians, YouTube stars, and activists have all already been shamed for having emails on the site (some admit it, but at least one maintains they didn’t sign up — email verification isn’t required, after all). But this hunt isn’t restricted to high-profile members.
Troy Hunt, a security expert who has become a point of contact for many of the hack’s victims, has put together a tragic compilation of the emails he has received from terrified Ashley Madison users. Numerous tools quickly sprung up letting anyone see if an email address is included in the dump; one person reached out to say that they “got a call, from our church leaders yesterday, saying my husband’s work email was on [Ashley Madison email checker], oh my!”
It’s no surprise, then, that the first divorce proceedings relating to Ashley Madison have already begun.
One female Ashley Madison member reached out to The Intercept to share her story. She was a mother trapped in a loveless marriage with a man suffering from cancer. “I went on AM out of loneliness and despair, and found friendship, both male and female, with others trapped in terrible marriages trying to do right by their children,” she wrote. “I expect to be ridiculed by colleagues, to lose my job, and to be publicly shamed.”
Shame isn’t all that’s at stake
In the West, an outed member’s life is likely to be ruined, but unlikely to be (directly) threatened. Not so elsewhere in the world. According to Sky News, there are more than 1,000 Saudi Arabian email addresses in the dump. At least one gay Saudi Arabian Reddit user claims to have used the service because of its promise of discretion — he has since had to flee because homosexuality is punishable by death in the country.
Jobs are being threatened, families being shattered, and there’s yet another sinister consequence to the leak already surfacing: Extortion attempts. There are numerous reports of Ashley Madison members receiving emails from anonymous blackmailers demanding payment (typically in bitcoin) unless they want the details of their membership shared with their friends and family.
Here’s a screenshot of one of the extortion attempts:
Not all blackmailers are necessarily after money, either. Intelligence agencies are likely already “digging” through the data and considering how it can be used to leverage the people named within it, one cybersecurity executive told The Hill.
And now there are two reports of suicides linked to the hack: As yet unconfirmed, but unsurprising. If victims of the leak are faced with the loss of their jobs and their families, along with the threat of criminal extortion and public shaming — is it any wonder that some may choose to take their own lives?
And this is all just the beginning…
When the intimate photos of dozens of female celebrities in late 2014 were leaked online in late 2014 in what has alternately been dubbed “Celebgate” or “The Fappening,” it was an immediate violation. The victims were known immediately, but while the photos remain online, they could in the weeks following begin to repair the damage. Not so with Ashley Madison.
If a member of the site is not already outed or extorted today, that’s no guarantee they won’t be targeted in a week, or a month, or a year. The internet never forgets, and despite Avid Life Media’s best efforts, it is a foregone conclusion that the database of users will never truly disappear online.
The true number of blackmail attempts, divorces, job losses, broken families, ruined lives, witch hunts, violent retributions, and suicides won’t be known for years to come.
Even for those who aren’t found out, it will always hang over them — an indefinite sentence for something that is not a crime, and may not even be immoral. As Glenn Greenwald argues in The Intercept:
The fact that someone’s name appears in the Ashley Madison database does not mean they have engaged in marital infidelity. To begin with, it is easy to enter someone else’s name and email address … Beyond that, there are all sorts of reasons someone may use this website without having cheated on their spouse. Some may use the site as pornography because it titillates them, or because they are tempted to cheat but are resisting the urge, or because they’re married but in a relationship where monogamy is not demanded, or because they’re researchers or journalists observing this precinct of online interaction, or countless other reasons. This permanent, highly public shaming of these “adulterers” is not only puritanical but reckless in the extreme, since many who end up branded with the scarlet “A” may have done absolutely nothing wrong.
How many Ashley Madison members will feel compelled to keep their head down from here on out, for fear of being discovered? How many will avoid high-profile careers for fear of public scrutiny? How many will be forced to live in shame and secrecy? It’s impossible to know.
For the Ashley Madison members who aren’t discovered, the punishment never ends.