In what may be the least empathy rousing hack in the history of the Internet, AshleyMadison, an online hook-up site for some 37 million cheaters, was cyber-attacked by “The Impact Team.”
Hacking group hijacked the site and said they’d “taken over all systems in [Ashley Madison’s] entire office and production domains, all customer information databases, source code repositories, financial records, emails.” The hackers demand that the Ashley Madison site and its brother site, Established Men (where rich men go to buy trafficked girls), be “shut down immediately permanently.”
Shutting down AshleyMadison and EstablishedMen will cost you, but non-compliance will cost you more. — Hackers
The hackers say they will “release all customer records, profiles with secret sexual fantasies, nude pictures, credit card transactions, real names and addresses, and employee documents and emails.”
My first assumption was that this was a revenge hack by some technically savvy cuckold who’d just discovered their spouse’s affair had been facilitated by AshleyMadison. I next wondered if instead, this was a moral-hack honoring the sanctity of marriage. Or could it be, as many of us wondered on Twitter, masterminded by divorce lawyers?
According to Krebs on Security , though, the hackers’ threat to expose cheaters’ private information is not motivated by any personal disgust with the site being the Internet’s #1 place for affairs, but instead relates to the business’ own questionable privacy practices. It seems that the site retains user information even after users pay a $19 fee to erase their profile. So the hackers’ beef is over a $19 charge that misled cheaters into thinking their use of the site was untraceable. But, the individuals defrauded of their $19 hush money are more exposed from today’s hack than anything else. That’s especially true if history’s sleaziest mass doxing comes to fruition.
So by protesting privacy practices, the hackers are threatening to breach privacy. So what are the privacy rights of Ashley Madison users? Because the site facilitates deceit, do users have a lesser right to privacy? If Avid Life Media (the site that owns these sites) can prevent the distribution of this information by complying with the demands, could it be liable if it fails to do so? Surely it could be liable to people who paid to erase their profiles if instead their personal information gets distributed. The service simply did not provide the guaranteed results. A $19 could pay for a minute or two of their divorce lawyer’s time. The site also guarantees anonymity on its home page and the failure to deliver that or to take minimal security precautions could also impose civil liability under laws relating to how businesses represent themselves and information security. Criminal liability, though, will rest on the hackers. All states have laws against the distribution of personal identifying information such as financial information linked with names.
Twenty four states have criminalized the distribution of intimate images. Should nude images of AM consumers get released, this will highlight the weakness in some of the state laws — those that demand that the offender distribute with the intent to harass or annoy the victim. Here, the distribution is aimed at punishing the company — not the victim. While cheaters may not be the population that we aimed to protect with our laws against the nonconsensual distribution of intimate images, the exposure that these individuals will suffer if the images are published online will far outlast their divorce proceedings and/or grovelings for forgiveness.
At the end of the day, if you can’t trust a business built on the backs of cheaters, who can you trust?