THE slogan of Ashley Madison, a website that arranges extramarital liaisons, is “Life is short. Have an affair.” Its home page shows a woman holding a finger to her lips. So much for promising to keep secrets. Last month a group of hackers called Impact Team stole the site’s user database and transaction history going back to 2007, and this week they released it online, including 33m users’ names, addresses and personal details, along with GPS co-ordinates and sexual preferences.
This trove of data is fiddly to download and search, but already users of the site are being outed, as journalists and activists comb through the records looking for celebrities, business leaders and politicians. A deluge of revelations seems likely in the coming days; it is surely only a matter of time before somebody builds an easy-to-use website that allows anyone to search the data for their friends, family and co-workers.
The hackers’ motives are unclear. In their statements they denounce the “fraud, deceit and stupidity” of both Ashley Madison’s parent company, Avid Life Media, and the site’s users. Their complaint against Avid Life is supposedly that the site is a scam, because the vast majority of its users are men, who have to buy credits to access its services. But Impact Team’s supposed sympathy for these dupes is hard to square with the hackers’ decision to release all the data, and their moralising exhortation to people thus exposed: “learn your lesson and make amends”. It seems most likely that Impact Team, like other hacker groups before it, is simply doing this for fun.
Some think Ashley Madison’s users have got what they deserve. But this data breach could have far more public and wide-reaching consequences than previous heists, such as the theft of customer data from retailers, tax records from America’s Internal Revenue Service, or even security-clearance data from the Office of Personnel Management.
Marriages will be destroyed, reputations shredded and hypocrisies revealed. People will lose their jobs. Celebrity magazines and gossip columnists will have a field day. There will be much discussion of modern attitudes to marriage and fidelity. But perhaps the greatest significance of this episode is that it illustrates, more vividly than ever before, the woeful state of internet security.
It would be wrong to blame technology for human failings, but by removing friction from existing activities—order a cab with Uber, buy a book from Amazon, summon a song via Spotify, find a date on Tinder—it can subtly steer people’s behaviour.
Ashley Madison’s sales pitch, emblazoned on huge billboards, was that the anonymity of the web could make having an affair easy and risk-free. Its website (“Over 38,920,000 anonymous members!”) offers a three-month money-back guarantee and is festooned with logos and icons emphasising trustworthiness, security and discretion. Such promises were evidently irresistible to the site’s millions of registered users—and to the hackers who have revealed just how hollow these claims really were.
No doubt some people signed up on a whim, while going through a rough patch in a relationship, or while drunk. In the past, the mere contemplation of infidelity left no physical traces. But now millions of people’s thoughts and deeds are visible to public scrutiny.
The truth is that the internet is bad at keeping secrets. The theft of personal information from large companies and government agencies has become so routine that most such breaches are quickly forgotten. For most people, this is merely an occasional inconvenience. If your credit-card number is stolen, you can get another one; if your password is compromised, you can change it. Identity theft and fraud are more troublesome.
But every time another data breach is greeted with the societal equivalent of a shrug, companies’ decision not to spend any more on data security is vindicated. The Ashley Madison breach is different, because it threatens to destroy families and end careers. Avid Media’s security was no worse than that of many other companies, but its database contains information far more sensitive than mere financial details.
If its theft proves to be the wake-up call that encourages companies to start taking security more seriously, then at least some good will have come from this sorry affair.