The Ashley Madison Hack: A Sleazy Attack on a Sleazy Business

Several weeks ago, hacker group The Impact Team threatened that they would release the identities and credit card numbers of clients of infidelity promoting social network Ashley Madison. This week, they made good on their threat, releasing details of a reported 36 million user accounts.

For the moment, the data is apparently out there — some news outlets clearly have access already — but it’s hard to find. But informed commentators suggest it may soon be available and searchable online.

Some will call this a victimless crime: a scuzzy company’s lying-and-cheating customers are getting exposed for what they are. But it’s worth noting that there may be some innocent victims in all this: some Ashley Madison accounts may be spoofed by people using stolen credit cards. Others accounts may belong to people who are not in fact married, but who nonetheless don’t need their online dating habits shared with the world. And even the company’s ‘core’ customers, the ones who truly are acting dishonourably, don’t necessarily deserved to be punished in vigilante style. Or perhaps more to the point, it’s not that they don’t deserve it, but rather that The Impact Team doesn’t have the right to decide.

What about Ashley Madison itself? It’s in a sleazy business to say the least. Of course, employees at Ashley Madison aren’t themselves committing adultery (well, unless they happen to be, incidentally). So some people might wonder whether the company itself is doing anything wrong in the course of business? I think pretty clearly, yes. When you actively and knowingly contribute to someone’s wrongdoing, you share the blame. And there are a range of familiar examples in which helping someone to do wrong is considered blameworthy. Think of lawyers suborning perjury. Think of business agents facilitating bribery.

Naturally, many are calling this a “wake-up call,” for web-based companies and for the corporate world more generally. Reports suggest that insiders at the company knew that privacy was a big risk, and worried about “a lack of security awareness across the organisation.” One sign of a lax attitude toward privacy: according to a report in The Guardian, while customer passwords were stored in hashed (scrambled) format, “information such as addresses, credit card details and sexual preferences is all stored in plain-text in the database.” So anyone with access to the database has access to a treasure trove of private info.

Perhaps the moral of the story is that, human nature being what it is, it’s easier to make money by pandering to people’s baser instincts, than it is to protect the private information gathered along the way.

4 comments so far

  1. nexdec on

    Chris, I love this sentence which seems to elude the majority of people. “When you actively and knowingly contribute to someone’s wrongdoing, you share the blame.”

  2. Curt Day on

    It’s isn’t just with the Ashley Madison case, it is with other situations and groups, like Anonymous, where some hackers believe that the ends justifies the means. And this allows these hackers to believe that their cause places them above accountability.

  3. […] supported by a legal system that enforces disproportionate repayment of debt. File this along with Ashley Madison under the category, “Sure, It’s Legal, But Can’t You Find A Better Way to Make a […]

  4. LewD on

    Interesting take on the possibility of spoofed accounts, despite Ashley Madison not being the shining paragon of ethical business, actions of vigilante justice like this will always have unintended casualties.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: