BY CATIE PAUL
“Life is short. Have an affair,” proclaims the tagline for Ashley Madison, a website that caters to married people looking to cheat. The site, which promised complete discretion to customers, may have angered the wrong people with its mission, and earlier this month hackers stole private data on over 30 million customers and released it on the Internet.
Ashley Madison is based in Canada and is owned by Avid Life Media. Its name comes from two female names, Ashley and Madison, which were popular in 2001 when Noel Biderman, the former CEO of Avid Life Media, came up with the idea for founding the site. Ashley Madison became infamous for its advertisements and for other publicity stunts.
For example, in 2010 the company tried to get the new New York Giants and Jets stadium to be named Ashley Madison Stadium, but MetLife ended up receiving the naming rights. Although Avid Life Media refuses to release the names of its investors, it made $115.5 million in revenue in 2014, according to CNN.
On July 12 employees of Avid Life Media came to work to find threatening messages on their screens: A group calling itself “Impact Team” had infiltrated their servers and called for Ashley Madison and another Avid Life Media-owned site, EstablishedMen.com, to be shut down. In a manifesto published at the time of the hack, the group claims to have done so to protest the site’s ethical ambiguity and its shady business practices — in particular, users who wish to permanently delete their account have to pay $19 to the company. However, the attack revealed that even this process of deletion didn’t remove all of the data about the users.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the Impact Team wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
When Avid Life Media refused to take the site down, the hackers released private data of customers on Aug. 18. Ten gigabytes of data were released by the hackers. The user data collected by Ashley Madison included names, street addresses, phone numbers, birth date, relationship status, whether they drink or smoke and more.
The data reveal that only 15 percent of the profiles were of women and, of those, only 12,000 accounts were actually active on the website. Annalee Newitz, the editor-in-chief of Gizmodo, analyzed the data and concluded that Ashley Madison was guilty not only of keeping data that users had paid to have deleted but also of false advertising. She believes that many of the female accounts were fake and that men were lured into spending money in the hopes of meeting a match, since men had to pay to email women on the site.
“In the data dump of Ashley Madison’s internal emails, I found ample evidence that the company was actively paying people to create fake profiles,” Newitz wrote. “Sometimes they outsourced to companies who build fake profiles, like the ones Caitlin Dewey wrote about this week in the Washington Post. But many appear to have been generated by people working for Ashley Madison.”
In addition to the personal information of users, the Impact Group released PayPal accounts used by Ashley Madison executives and proprietary internal documents as well as some of Biderman’s private emails.
Avid Life Media, which owns Ashley Madison, has offered a reward of 500,000 Canadian dollars, nearly $380,000, to anyone who can provide a tip on the perpetrators of the hack. So far there are no leads. Avid Life Media also states that the Royal Canadian Mounted Police, Ontario Provincial Police, Toronto police and the Federal Bureau of Investigation (FBI) are all involved in investigating the case.
On Aug. 24, Toronto police stated in a news conference that two unconfirmed suicides have been linked to the data breach. The police also mentioned that there have been reports of hate crimes carried out on some of the victims of the hack. Biderman resigned from his position as CEO on Aug. 28. In a press release the company claimed that the decision was a joint one and that a senior management team will run the company for the time being.
“This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees,” the press release states. “We are steadfast in our commitment to our customer base.”
It continues, “We are actively adjusting to the attack on our business and members’ privacy by criminals. We will continue to provide access to our unique platforms for our worldwide members.”