A month after compromising the security of now-infamous extramarital relationship site Ashley Madison, it seems the hackers have stayed true to their word and leaked the private information of all of the company's clients onto the dark web. If this is true, that amounts to over 35 million email addresses, not to mention real life names, addresses and credit card data.
Ashley Madison belongs to Avid Life Media (ALM), which also runs Cougar Life and "sugar daddy finder" Established Men, both of which have also had confidential user data stolen. Since news of the hack broke in July, there has been a fair amount of pearl-clutching online, with some defending the customers' right to privacy, and others moralising that anyone registered on a site for adulterers deserves to be named and shamed.
Believe it or not, the hackers (who call themselves 'the Impact Team') didn't hack ALM's security out of any moral objection to infidelity - or at least, not entirely. Their main beef, so they say, is with the company's shady data practices. ALM demands payment from customers of Ashley Madison, Cougar Life and Established Men in exchange for full profile deletion, although the Impact Team claims that the company actually retains all of its users' information on servers without their knowledge.
But that will be far from the primary concern of those whose personal information has been leaked, in huge, searchable chunks, onto 4chan and Twitter. When discussing the story on his podcast, Dan Savage made the argument that the state of any relationship is solely the business of the people in it. The Impact Team hackers, whether acting as avenging angels or not, have taken a deeply private matter and turned it into public property, without the consent of those it concerns the most.
"This is new territory in terms of personal cost," writes The Awl's John Herrman. "The Ashley Madison hack is in some ways the first large scale real hack, in the popular, your-secrets-are-now-public sense of the word. It is plausible -- likely? -- that you will know someone in or affected by this dump."
A new blood sport
Just one day before ALM's data hit the web, a documentary aired in the UK which traced the real-time consequences of revenge porn. Journalist Anna Richardson uploaded naked photos of herself to an online shaming site in order to experience exactly what happens to victims. The film comprised interviews with some of the trolls who love commenting on these images, the victims themselves who are subjected to doxxing and online harassment as a result, and finally the the perpetrators of revenge porn --most often jilted men who post images in anger.
This behaviour, now illegal in the UK and across 23 states in the US, has spawned an entire industry. Revenge porn websites generate upwards of $50,000 in advertising revenue each month, with some even charging victims a fee to remove photos. These platforms function like any other social network or porn site, complete with comments sections full of colourful language and a front page that rapidly changes as new content floods in.
Even if an image is submitted in a moment of madness and then hastily deleted, it is too late - it will have been captured onto somebody's computer for inclusion in his or her own private library, collateral for future smear campaigns. "Pornography attracts hoarders, people with collections of a hundred thousand, five hundred thousand images; it's not uncommon, and that also reveals itself in revenge porn collections," says David Cook, a cybercrime lawyer at Slater & Gordon.
But a problem arises when the appetite for such images exceeds what is actually out there. This is when trolls turn to hacking. Famous examples include last year's iCloud scandal, but for every celebrity whose sex tape makes the front page, there are countless other victims facing the consequences of having their most vulnerable moments stolen and used against them.
Encryption and compassion
"Shame has a blood sport must stop," says Monica Lewinsky. And she knows quite a bit about the subject, describing herself as the "patient zero" of online shaming. "There is a very personal price to public humiliation," she told audiences at Cannes Lions 2015, "and the growth of the Internet has jacked up that price."
A cultural shift is needed, says Lewinsky; by adopting a more proactive stance against cyber-bullying and shaming (as encouraged by her Upstandr campaign), she believes that "we can lead one another to a more compassionate, more empathic place."
But on a purely practical level, what can be done to limit the access hackers have to our supposedly private photos and profiles? "In a world where we expect more of our communications to eventually be made public, will we begin to abandon certain apps or services en masse?" Asks The Verge's Casey Newton. "Is it truly our responsibility to act as if everything we say will eventually become public, or can we hold companies responsible when they fail to protect our data?"
Ashley Madison has learned the hard way the consequences of a less-than-perfect security system, but here's hoping that other tech companies will heed this cautionary tale and invest in encryption to bolster user trust. As the gap continues to close between our online and offline selves, holding onto our privacy will prove crucial in holding onto our identity, and our dignity.
This blog post first appeared at Ogilvydo.