It is rather difficult to determine who the real victim in a scenario is where sensitive personal information is released of users of a website that is meant for people looking to “have an affair”. Many people will opine that an organisation with such a profile was inviting trouble. And, now instead of targeting the users, hackers are demanding the shutdown of Ashley Madison itself.
A group of hackers, calling themselves the Impact team, attacked the website and posted a 9.7GB dump on the dark web on an Onion address. The files seemingly contain the login credentials, credit card and other payment transaction details, along with the addresses of approximately 39 million users. In a statement presented by Wired, Ashley Madison’s owner Avid Life Media said, “The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.”
According to estimates, around 40 million users of the website have been affected worldwide, and Indians account for a significant proportion of that number. Although credit card numbers were not compromised, payment data going back to 2008 is available as part of the dump. It also includes email ids of users along with their physical addresses. Profile descriptions were also there. “I’m looking for someone who isn’t happy at home or just bored and looking for some excitement,” read one of the profiles who apparently works for Customs and Immigration, Union in Canada. Exciting, we say.
According to the data available for Indian users, New Delhi has the most number of users at 38,652, followed by Mumbai (33,036), Chennai (16,434), Hyderabad (12,825), Kolkata (11,807) and Bangalore (11,561). Not surprisingly, a bulk of the users were from western-European countries and the United States. Tecnilógica, a Madrid-based digital agency, created a world map showing the distribution of Ashley Madison users across the world composed in terms of gender proportion and geographical distribution.
In an act that might find favour in some quarters, the Impact Team is trying to project the attack as an act of righteousness (“moral policing”, in more forward terms). A statement released by the group demands the shutting down of Ashley Madison, as well as Established Men, another one of Avid Life Media’s sites. The statement indicates that the company was targeted because of its dishonest business practices wherein they charged $19 for removing any personal data from their site, when in fact it was still there. “Too bad for ALM, you promised secrecy but didn’t deliver,” the statement further reads.
Many governments have ordered investigations after it came to light that several bureaucrats might have signed up using their work emails. Divorce lawyers are also preparing for a deluge of cases after this leak.
Now, although an estimated 39 million accounts have been compromised, doubts have been raised about the legitimacy of a considerable number of those accounts. A former employee has claimed to have been paid by the company to create fake female profiles in order to attract male users. One surprising bit of data that has cropped up is that in contrast to the rest of the world, there are more female users in India. However, this figure too is questionable. According to one user, who claimed to have been a member of the site for research purposes, there are a large number of distinctly fake female profiles.
The Aftermath and why this (Probably) Affects You
While most of us might not have been affected by this leak, this episode has far greater significance if seen in the context of the future that awaits us. Avid Life Media has criticised the hacking as “an act of criminality”. The company also said, “These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives.” As more and more people in the country are able to access the Internet, there is a very different kind of danger that is lurking in the digital world. The government has taken a proactive role in pushing e-governance, which means more identification and other sensitive content is being stored online.
While that makes life easier, and is indeed a welcome step, it should also be kept in mind the dangers and risks associated with storing personal data online, and the need for sufficiently protect everything against such snooping attacks. There is also the element of moral policing which threatens to spill onto the virtual world - how do we let a certain group of individuals judge the morality of the entire world? Morals, after all, are varied and personal. There is also the issue of companies indulging in unfair practices and not being able to respect their user’s right to privacy, as seen with the number of bureaucratic contacts leaking out into the open now.
The Ashley Madison hacking episode might be a one-off incident that is attracting a lot of media attention, but it serves to underscore the fact that in digital space, privacy remains an illusion.