THE slogan of Ashley Madison, a website that arranges extramarital liaisons, is “Life is short. Have an affair.” Its home page shows a woman holding a finger to her lips. So much for promising to keep secrets. Last month a group of hackers called Impact Team stole the site’s user database and transaction history going back to 2007, and this week they released it online: more than 30m users’ names, addresses and personal details, along with GPS co-ordinates and sexual preferences. This trove of data is fiddly to download and search, but already users of the site are being outed, as journalists and activists comb through the records looking for celebrities, business leaders and politicians. A deluge of revelations seems likely in the coming days, as websites pop up that allow easy searching.
The hackers’ motives are unclear. In their statements they denounce the “fraud, deceit and stupidity” of both Ashley Madison’s parent company, Avid Life Media, and the site’s users. Their complaint against Avid Life is supposedly that the site is a scam, because the vast majority of its users are men, who have to buy credits to access its services. But Impact Team’s supposed sympathy for these dupes is hard to square with the hackers’ decision to release all the data, and their moralising exhortation to the people thus exposed: “learn your lesson and make amends”. It seems most likely that Impact Team, like other hacker groups before it, is simply doing this for fun.
Some think Ashley Madison’s users have got what they deserve. But this data breach could have far more public and visible consequences than previous heists, such as the theft of customer data from retailers, tax records from America’s Internal Revenue Service, or even security-clearance data from the Office of Personnel Management. Marriages will be destroyed, reputations shredded and hypocrisies revealed. People may lose their jobs. Celebrity magazines and gossip columnists will have a field day. There will be much discussion of modern attitudes to marriage and fidelity. But perhaps the greatest significance of this episode is that it illustrates, more vividly than ever before, the woeful state of internet security.
It would be wrong to blame technology for human failings, but by removing friction from existing activities—order a cab with Uber, buy a book from Amazon, summon a song via Spotify, find a date on Tinder—it can subtly steer people’s behaviour. Ashley Madison’s sales pitch, emblazoned on huge billboards, was that the anonymity of the web could make having an affair easy and risk-free. Its website (“Over 38,920,000 anonymous members!”) offers a three-month money-back guarantee and is festooned with logos and icons emphasising trustworthiness, security and discretion. Such promises were evidently irresistible to the site’s millions of registered users—and to the hackers who have revealed just how hollow these claims really were. No doubt some people signed up on a whim, while going through a rough patch in a relationship, or while drunk. In the past, the mere contemplation of infidelity left no physical traces. But now millions of people’s thoughts and deeds are open to public scrutiny.
Put not your trust in websites
The truth is that the internet is bad at keeping secrets. The theft of personal information from large companies and government agencies has become so routine that most such breaches are quickly forgotten. For most people, it is merely an occasional inconvenience. If your credit-card number is stolen, you can get another one; if your password is compromised, you can change it. Identity theft and fraud are more troublesome. But every time another data breach is greeted with no more than a collective shrug, companies’ decision not to devote more attention to data security is vindicated. The Ashley Madison breach is different, because it threatens to destroy families and end careers. Avid Life’s security seems to have been no worse than that of many other companies, but its database contains information far more sensitive than mere financial details. If its theft proves to be the wake-up call that encourages companies to start taking security more seriously, then at least some good will have come from this sorry affair.