The Ashley Madison Hack: 5 Things You Should Know

If you use the site, you may want to read this.

AshleyMadison.com promotes itself as “the world’s leading married dating service for discreet encounters,” and for married people wanting side action, it has been a popular destination since 2001. On July 15, 2015, a hacking collective called The Impact Team issued a claim that it had bored into the Toronto-based company’s servers and, in the words of cyber-security researcher Brian Krebs, “completely compromised the company’s user databases, financial records and other proprietary information.”

By July 20 Ashley Madison had confirmed the hack. The next day details for 2500 accounts were published online as a kind of warning that the hackers weren’t screwing around, though the information was quickly taken offline. Then last night, The Impact Team uploaded everything they had to a site on the dark web, and overnight that information has slowly been making its way to the friendly old regular internet we use every day.

[READ MORE: HERE’S WHAT TO SAY IF YOU’RE BUSTED USING ASHLEY MADISON]

The data dump is stunning in size. Ars Technica reports it contains “user names, first and last names, and hashed passwords for 33 million accounts, partial credit card data, street names, and phone numbers for huge numbers of users, records documenting 9.6 million transactions, and 36 million e-mail addresses.”

Who is affected by the breach? Of the more than 30 million accounts busted open by The Impact Team, a chunk are thought to be fake, but researchers at Errata Security have examined the data and say the accounts number “28 million men to 5 million woman, according to the ‘gender’ field in the database (with 2 million undetermined).” However, writes Errata’s Robert Graham, when looking at credit card transactions, he finds “only male names.”

What else is buried in all that data? Everything users typed into fields when signing up for Ashley Madison. In addition to emails and credit card transactions, Ars Technica reports the hacked info also reveals “subscribers’ sexual predilections,” which may include everything from enjoying threesomes to domination and submission and old fashioned bondage in general. Relationship statuses like “attached male seeking female” and “male seeking male” are in there too.

Where are divorce lawyers getting the most excited?Business Insider cites a chart found at Dataviz that breaks down location data from the breach. It reveals São Paulo, Brazil, as the winner in the western hemisphere. However New York City is a close second, with a little over 268,000 accounts in Ashley Madison’s database.

How are people responding? Writing at The Awl, John Herrman looks past jokes on social media and news accounts and admits he “may be overestimating how far things will unfold,”  but to him, “this feels like a momentous event.”

“Barring some sort of heroic cleanup effort on the part of the entire internet,” Herrman continues, “… millions of lives may be about to change profoundly.”

What can I do? If you never signed up for Ashley Madison, no worries! However, WIRED points out that Ashley Madison’s sign-up never required email verification, “so legitimate addresses might have been hijacked and used by some members of the site.” Anyone who fears credit card information was compromised might consider credit monitoring services. As for email, kill the address you used, if it was real.

Oddly, AshleyMadison.com’s password encoding was somewhat solid, so passwords remain “hashed,” or obscured via encryption. But don’t count on that lasting long—stubborn hackers using up-to-date methods will still eventually be able to reveal the passwords as well—so if your Ashley Madison password was used for other services, change it immediately. 

For anyone seeking a basic look at the hackers’ haul, there are already a ton of sites popping up which provide relatively simple data searches. Many have been crushed under the weight of incoming traffic but some are fairly stable, like Ashley.cynic.al, which returns a simple yes or no as to whether an email address was found in the hack.

If you find your email in a search, others could find it as well—if it comes to that, it might be time to start preparing for some uncomfortable conversations.

Photos by Carl Court/Getty Images

Mentioned in this article: