clock menu more-arrow no yes mobile

Filed under:

The Ashley Madison hack, explained

Grand Velas Riviera Maya

Last month, America's most prominent dating site for cheating spouses got egg on its face after hackers stole millions of users' private information. The stolen data reportedly included names and credit card information, photos, and sexually explicit chat logs.

The hackers objected to Ashley Madison's morally dubious business model, and they tried to blackmail the site into shutting down.

Ashley Madison refused to suspend its operations, so now the hackers appear to have retaliated by releasing the stolen data online. While Ashley Madison hasn't officially confirmed the data's authenticity, it appears to be genuine. That's going to cause heartburn for the millions of people who have created accounts on the site.

Ashley Madison is a sleazy site that helps people cheat on their spouses

Ashley Madison has courted controversy by positioning itself as a website for people seeking to cheat on their spouses. Founded in 2001, the site says it has 37 million users around the world. The site's slogan is "Life is short. Have an affair."

It has traded on its notoriety to attract customers. In 2009 Ashley Madison tried to buy a television ad during the Super Bowl, but the offer was rejected. But the rejection itself got a lot of press, and the ad wound up getting more than a million pageviews on YouTube. The company also sought to purchase naming rights for the Meadowlands stadium, where the New York Giants and Jets play, but was rebuffed.

The site has faced at least one accusation that many of the female profiles on the site are fake.

The company behind the site, Avid Life Media, also owns several other websites, including Established Men, a site that connects young women with "successful and generous benefactors to fulfill their lifestyle needs."

Hackers threatened to publish user data unless the site shut down

A hacker group calling itself the Impact Team hacked the site, a company spokesperson confirmed to journalist Brian Krebs in July. The hackers said they had obtained user information from Ashley Madison and several smaller dating sites owned by Avid Life Media.

"Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms," the hacker group wrote in a statement released in July. If ALM doesn't comply, "we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails."

ALM didn't shut down its lucrative site, and now the hackers appear to have followed through on its threat. Ashley Madison hasn't officially confirmed that the stolen data is genuine. But so far, there's every sign that it is.

The leaked files are nearly 10 gigabytes in size, and "appear to include account details and log-ins for some 32 million users," according to Wired.

"I’m sure there are millions of AshleyMadison users who wish it weren’t so, but there is every indication this dump is the real deal," the journalist Brian Krebs wrote on Wednesday.

Hackers claim the paid "full delete" service didn't work — but Avid Life disputes that

In addition to charging customers who use the site, Ashley Madison also made money by charging users $20 to fully delete their information from the site.

But in a statement provided to Krebs, the hackers said this service didn't work. "Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie," the hacking group wrote. "Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed."

Avid Life disputes this accusation, however. "The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes," the company told the Washington Post. "This option was developed due to specific member requests for just such a service, and designed based on their feedback."

The hack could be devastating for Ashley Madison

The timing of the hack was particularly inconvenient for Avid Life because the company had been trying to go public. However, the company said its controversial business model makes raising funds difficult. "Europe is the only region where we have a real chance of doing an IPO," the company said in an interview with Bloomberg, because of more liberal attitudes toward adultery on the continent.

The hack and the negative publicity it produced has likely scared away of a lot of existing and new customers. Avid Life has attempted to contain the damage by making the account deletion feature free. But if the hacked data is genuine, then that horse is already out of the barn. And future customers will think twice before entrusting their personal data to the company.

Sign up for the newsletter Today, Explained

Understand the world with a daily explainer plus the most compelling stories of the day.