Over the last few years, a number of shockingly massive hacks have cost hundreds of millions of dollars and revealed loads of personal information about regular people. The Ashley Madison hack and subsequent public revelation of user data should make you more uneasy than the rest.
Yesterday, hackers dumped 9.8 GB of data that would have been previously stolen from ashleymadison.com, including information and transaction details for the site's 37 million users. The website, for those of you who don't know, helps married or otherwise "taken" men cheat with available women who are into that kind of thing. The company confirmed the hack, but has yet to acknowledge that yesterday's dump is bonafide. Still, security reporter Brian Krebs says he confirmed the data contains real information with independent sources, and there's a growing consensus that it's legit. For example, Gawker's Sam Biddle:
it’s definitely real, I made an account on AM once when I was covering online dating stuff for gizmodo and my email is in there
— Sam Biddle (@samfbiddle) August 19, 2015
This breach has a disturbing quality distinct from many previous hacks, though. To see why, let's consider for a moment a few other massively publicized breaches of private information and how this is different.
In 2013, a breach at Target compromised 40 million credit cards, costing the company at least $US150 million with independent estimates soaring to more than double that number. Earlier this year, the United States Office of Personnel Management confirmed that hackers stole personal identifying information for nearly 22 million government employees. In both of these cases people's lives and livelihoods were compromised in temporary and fixable ways. They had to replace their credit cards and in the worst of cases, monitor their credit more carefully to ensure the leaked data wasn't used to steal their identity. A pain in the arse? Sure. But no more.
Last year's Sony hack, in which a huge trove of company emails was unceremoniously dumped upon the world, starts to approximate the kind of damage we're looking at today. The breach lead to embarrassing revelations about the machinations at the top levels of the company's film business. But along with executives like Amy Pascal, the criminals who leaked the info took down loads of lower-level employees, putting their personal lives on public display. As former Gizmodo editor Brian Barrett wrote at the time, the collateral damage was borderline tragic:
The most painful stuff in the Sony cache is a doctor shopping for Ritalin. It's an email about trying to get pregnant. It's shit-talking coworkers behind their backs, and people's credit card log-ins. It's literally thousands of Social Security numbers laid bare. It's even the harmless, mundane, trivial stuff that makes up any day's email load that suddenly feels ugly and raw out in the open, a digital Babadook brought to life by a scorched earth cyberattack.
And as Barrett concluded, the breach was a terrifying reminder that intimate details of your life too could one day be plastered on the web.
The Ashely Madison breach is the next unnerving step on the hack continuum. Only the hacking and release of nude celebrity photos associated with "The Fappening" last year compares. Having your name released as an Ashley Madison user could destroy your life. The hackers behind the sites contend that most of the users are fake female profiles, but there are loads and loads of men who betrayed their partners by seeking an affair on the website, too. Brian Krebs, the reporter who originally uncovered the hack, notes:
Nearly every day since I first reported the exclusive story of the Ashley Madison hack on July 19, I've received desperate and sad emails from readers who were or are AshleyMadison users and who wanted to know if the data would ever be leaked, or if I could somehow locate their information in any documents leaked so far.
I can't imagine the desperation these people feel. But set aside, for a moment, that many of them are less-than-moral individuals who perpetrated secret infidelity. Look beyond your own feelings about the morality of the site that was hacked. The implications of this mass revelation should horrify everyone, regardless of how you feel about Ashley Madison.
You submit information online under the illusion that no one is ever going to see it — even if you know better. For the most part you'll be safe, but as we increasingly entrust more and more of our private selves to inherently fallible digital service providers, devastating leaks like The Fappening and the Ashley Madison breach are going to happen more and more. As John Herrman writes at The Awl:
It's easy to kid about the fact that these people were using a site intended to help them cheat. But if understood in more abstract terms, this hack has the potential to alter anyone's relationship with the devices and apps and services they use every day. Here were millions of people expecting the highest level of privacy that the commercial web could offer as they conducted business they likely wanted to keep between two people (even if a great number of the emails are junk, or attached to casual gawkers, the leak claims to contain nine million transaction records). This hack could be ruinous — personally, professionally, financially — for them and their families. But for everyone else, it could haunt every email, private message, text and transaction across an internet where privacy has been taken for granted. Ashley Madison, in the strange hacker economy of 2015, may have had an especially big target on its back. But it's a powerful reminder of the impossibility of perfect privacy.
Maybe our contemporary notions about privacy are really an anomaly, as internet pioneer Vint Cerf has argued. Maybe it's inevitable that we'll live completely in public on the internet. Maybe you'd better get used to it. Today's Ashley Madison is your public humiliation of tomorrow.