How the Ashley Madison Hack Could Threaten People's Lives
ICE News
August 20, 2015
https://news.vice.com/article/how-the-ashley-madison-hack-could-threaten-peoples-lives
The widespread reaction to the now-public trove of stolen user data from extra-marital dating service and social network Ashley Madison has generally not been one of sympathy — but it is quickly becoming clear that there is a darker effect of the massive hack, which could now be threatening people's lives.
On Tuesday, a hacktivist group called Impact Group posted nearly 10 gigabytes of Ashley Madison users' personal information online, including email and street addresses, partial credit card numbers and transaction details, passwords, physical descriptions, and partial names.
But the data is not limited to emails and names — it also includes deeply personal information about people's sexual preferences and habits. In other words, if you had an account on Ashley Madison, everyone in the world can now see if you are interested in cross-dressing, spanking, or any of the other 62 available sexual fantasy categories on the site.
Little pity has been shown for those who had signed up for Ashley Madison, which uses the slogan "Life is Short. Have an Affair."
Yet aside from public shaming and angry spouses, the publishing of millions of user identities and their personal sexual habits for the world to see comes with potentially dire consequences for many users' careers and lives.
"We have to be very cautious and I think sensitive to this," Brian Krebs, a data and security analyst, told the Guardian. "There's a very real chance that people are going to overreact. I wouldn't be surprised if we saw people taking their lives because of this."
Ashley Madison boasts of having nearly 40 million users around the world — more than a few of which are likely to be in some of the 79 countries where homosexuality is illegal, and in some, punishable by death.
Some have already begun to worry for their lives. Shortly after the hack in July, a Reddit user posted that he is a gay man living in Saudi Arabia who had set up an account to meet other men. He was afraid he would be killed if his identity was revealed, as homosexuality in his country is a capital offense.
And at least two Ashley Madison users were reportedly revealed in the hack to be living in the United Arab Emirates, where the punishment for adultery is flogging, and homosexuality is also a capital offense.
According to a partial list of Ashley Madison users posted on PasteBin.com, there is at least one iran.gov email. In Iran adultery is illegal, and can be punished with stoning, lashing, or death. There are also more than 100 Vatican email addresses on the Pastebin list. If these are linked to the identity of priests, the users could be ex-communicated from the Catholic Church.
The hack also revealed thousands of US military emails. Since adultery violates the military's Uniform Code of Justice, the posting of the data could result in a dishonorable discharge for those users.
Adding to this sense of panic is the fact that Ashley Madison's data has been made far more accessible than other high-profile hacks of personal information. Typically when a massive amount of data is stolen — such as with the 2014 Sony hack — it requires complicated torrent software to download and sift through, making it difficult for the average internet user to access. But almost immediately after Impact Group posted the Ashley Madison data online, many cyber sleuths eagerly descended onto the records and compiled the information into easily searchable databases. There are now several sites that offer simple ways to locate names or emails among the massive trove of data, despite attempts by Ashley Madison to shut them down.
Though an individual's email or name is in the Ashley Madison database, it does not necessarily mean that person has an account. Since the site doesn't require users to verify their identity, many of the accounts are likely bogus, according to the security expert and blogger Robert Graham.
"Obviously [some accounts are] made up things for people who just want to look at the site without creating a 'real' account," he said.
For instance, Tony Blair's email, tblair@labour.gov.uk, was discovered in the database, but this does not in any way confirm that the former British prime minister has been using the site to find dates.
For many, a major selling point of Ashley Madison has been its supposed discretion. But the company has never guaranteed that its users' information would be kept safe.
"Although we strive to maintain the necessary safeguards to protect your personal data," reads Ashley Madison's Terms and Conditions, "we cannot ensure the security or privacy of information you provide through the Internet and your email messages."
|