In recent weeks the number one show on Netflix, ‘Baby Reindeer’ has been knocked off its perch by a show which has the nation gripped.

The story of Ashley Madison is perfect for the Netflix era as it’s a story of illicit affairs, hackers and blackmail.

The only genuine surprise, to me at least, is why it’s taken the world this long to wake up to the story. After all, the events that unfolded happened almost ten years ago, in July 2015.

The Ashley Madison backstory

If you’ve never heard of the ‘alternative’ dating site Ashley Madison, then here’s what you need to know.  Back in 2015 the site was hacked by a relatively unknown group of hackers known as ‘Team Impact’.  They targeted the site, as they believed the company that ran the site, Avid Life Media, were acting irresponsibly in promoting extra-marital affairs. Which is exactly what they were doing.

The sites tag line was “Life is too short. Have an affair.” Offering married couples the opportunity to meet others who were interested in ‘no strings attached’ conversations and affairs.

Team Impact believed this was immoral and demanded that the site be shut down, or they would release the data they had stolen.  To prove that they were serious they released personal information of over 2,500 members onto the Dark Web.  When Ashley Madison wasn’t shut down, the hackers released a further 60 Gigabytes of personal data. 

The business Impact

Of course there was a significant reputational impact for Ashley Madison, but it wasn’t all negative.  Although users of the site filed a $567 million class-action lawsuit against the company, membership of the site grew dramatically in the wake of the attack. The users finally settled the lawsuit in 2017, which cost Avid Life Media $11.2 Million.  Some might say this was a small price to pay, for global coverage.

The Personal Impact

The personal data of 32 million users was eventually spread across the internet for anyone to see. Including names, addresses, email addresses, search history, sexual preferences, and credit card transactions.

Although Team Impact were targeting the company, it was their customers who were to feel the heat from this breach.  As personal details of millions of people spread across the internet, it led to widespread fear of public shaming and damage to personal lives. 

Marriages and relationships broke down as people discovered their partners were members of the site. People in prominent public positions were ‘outed’ as being members of the site, leading them to have to resign from their jobs.

Sadly, it came to light that at least two people took their own lives as a direct result of the hack. While it is difficult to know how many others took their lives as a result, it undoubtedly caused untold stress and distress to the public involved.

The Social Impact

It’s worth pointing out that not everyone who engages in extra-marital affairs does so simply because they are ‘bored’ at home.  For example, in some countries, homosexuality is illegal, punishable by death. Therefore, some people marry to keep their true sexuality a secret, meaning they are forced to lead a double-life. 

Sites like Ashley Madison offer users the opportunity to explore or express their own sexuality without fear of reprisal or risk of personal harm or shame.  Dismissing Ashley Madison as a site where people are engaging in extra-marital affairs for the fun of it, is too simplistic. We need to look deeper and understand that there are myriad reasons people have affairs.

But who are we to judge?

What can we learn from this attack?

There are many lessons to take from the Ashley Madison attack, including the fact that it is still of interest almost ten years after it happened. This demonstrates that Information Security and Data Protection is of interest and relevant to us all.

We need to learn that when we hand over our personal (and sensitive) data to websites, we can’t always trust them to keep it safe. 

There are so many things we can practically do to keep ourselves safe online, from improving our password hygiene through to limiting what we share. But it all depends on what sites we’re using and why.

As a business we need to learn that we can be targeted at any time, by any group who disagrees with our business model, products or services. We also need to learn that ‘data’ is the most valuable asset we have, and that ‘data’ does not belong to us. We are merely custodians, and keepers of it. We need to do better at protecting it (for example implementing security controls like ISO27001).

But perhaps the greatest lesson of all is that we need to learn is that there is no such thing as 100% secure. When handing our data over to any company, institution or government body, we need to remember that it is of value to that business, but also to someone who might wish to do us harm.

We need to demand that businesses do better at protecting our data, not simply using it for their own ends.

More questions?

If you need help preparing for your stage 1 (or stage 2) audit, then book in with us for a FREE 1hr consultation where we’ll assess your readiness for your stage 1 audit.