Ashley Madison leak: The personal details of 32 million users might not all be genuine

No email verification during the Ashley Madison signup process means many customers might not have signed themselves up

Doug Bolton
Friday 21 August 2015 14:52 BST
Comments
The site was infamous for facilitating affairs between unfaithful people
The site was infamous for facilitating affairs between unfaithful people (PHILIPPE LOPEZ/AFP/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Last month, hackers stole the personal details of millions of users of Ashley Madison, an 'anonymous' dating website which was targeted at people seeking extramarital affairs.

The oddly moralistic hackers, working under the name 'Impact Team', said they would post the information online unless the site was shut down.

Some speculated at the time that they were just bluffing, and would instead try to sell the valuable information - but now, they've made good on their promise, releasing the private information of users, including their names, email addresses, phone numbers and home addresses.

All 9.7 (compressed!) gigabytes of data can be downloaded by anyone, but the site where it is available is on the so-called 'dark web', which is only accessible through the private Tor browser.

In a document accompanying the data dump, Impact Team wrote: "Avid Life Media [the company which owns Ashley Madison and other dating sites] has failed to take down Ashley Madison... We have explained the fraud, deceit and stupidity of ALM and their members. Now everyone gets to see their data."

But what does this mean for the users (or their husbands and wives)? Can we trust the authenticity of this data, especially when it's related to something that could potentially destroy relationships?

Ashley Madison's International Affairs Director Christoph Kraemer speaks during a press conference in Seoul, after South Korea legalised adultery in February (AFP/.Getty)

The most important thing to remember about the Ashley Madison leak - the site has no email verification

When you sign up for many online services and websites, you're asked to verify your email. This involves the website sending you an email containing a link, which you have to click on.

This is a simple way of preventing other people signing you up for services - anyone can put your email addresses in a sign-up box, but unless they have access to your inbox, the site has no way of knowing it's actually you, and you won't be signed up.

Ashley Madison doesn't use this feature - the sign-up process involves no verification, so anyone can stick an email address in the registration form and get signed up, either using their address or someone else's.

The lack of email verification on Ashley Madison means it is easy to create accounts under other people's names
The lack of email verification on Ashley Madison means it is easy to create accounts under other people's names (NICHOLAS KAMM/AFP/Getty Images)

We were able to sign up to the site in about 15 seconds, without having to do any kind of verification.

So this is an important detail when asking whether all the private data released is genuine or not. If someone's email address is in the data dump, that doesn't necessarily mean they signed up - someone else could hvae done it, either as a scam, a prank, or simply because they didn't want to use their own email to start an account.

For example, one address in the leak appears to show the address of former Prime Minister Tony Blair - it's safe to assume he didn't use a personal email to sign up to the site, and even more unlikely that his real email address is so obviously linked to him.

So take the data dump with a pinch of salt, because without email verification, there's no real way of knowing whether the people whose data has been released actually signed themselves up to the site.

However...

It's important to treat the data with skepticism, but you should also remember that the data dump contains the details of 32 million users.

Even if 90 per cent of the user profiles released are not genuine, that means the data of over three million people who willingly signed themselves up for a cheating website have been released.

What's more, pictures of the email addresses released online show hundreds, if not thousands, of email addresses from .gov.uk domains, and other work-related organisations.

If you were going to sign up to Ashley Madison, would you be more likely to use your home account, or your work account?

Treat the Ashley Madison hack with some skepticism, but remember that a lot of these details are genuine.

On top of the list of customer details, there's even more confidential data relating to the company - including internal memos, emails, contracts and sales techniques, according to Ars Technica.

Responding to the huge data dump, Avid Life Media said in a statement: "This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against he indicivudal members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities."

"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in