Ashley Madison leak: The personal details of 32 million users might not all be genuine

No email verification during the Ashley Madison signup process means many customers might not have signed themselves up


Last month, hackers stole the personal details of millions of users of Ashley Madison, an 'anonymous' dating website which was targeted at people seeking extramarital affairs.

The oddly moralistic hackers, working under the name 'Impact Team', said they would post the information online unless the site was shut down.

Some speculated at the time that they were just bluffing, and would instead try to sell the valuable information - but now, they've made good on their promise, releasing the private information of users, including their names, email addresses, phone numbers and home addresses.

All 9.7 (compressed!) gigabytes of data can be downloaded by anyone, but the site where it is available is on the so-called 'dark web', which is only accessible through the private Tor browser.

In a document accompanying the data dump, Impact Team wrote: "Avid Life Media [the company which owns Ashley Madison and other dating sites] has failed to take down Ashley Madison... We have explained the fraud, deceit and stupidity of ALM and their members. Now everyone gets to see their data."

But what does this mean for the users (or their husbands and wives)? Can we trust the authenticity of this data, especially when it's related to something that could potentially destroy relationships?

Ashley Madison's International Affairs Director Christoph Kraemer speaks during a press conference in Seoul, after South Korea legalised adultery in February (AFP/Getty)

The most important thing to remember about the Ashley Madison leak - the site has no email verification

When you sign up for many online services and websites, you're asked to verify your email. This involves the website sending you an email containing a link, which you have to click on.

This is a simple way of preventing other people signing you up for services - anyone can put your email address in a sign-up box, but unless they have access to your inbox, the site has no way of knowing it's actually you, and you won't be signed up.

Ashley Madison doesn't use this feature - the sign-up process involves no verification, so anyone can stick an email address in the registration form and get signed up, either using their address or someone else's.
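As an added illustration (not code from the article or from Ashley Madison), here is a sign-up flow in which an address stays unverified until whoever controls the inbox returns a signed, expiring token. The function names, the in-memory `accounts` table and the 24-hour link lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to clients
TOKEN_TTL = 24 * 3600                 # assumption: verification links expire after 24 hours
accounts = {}                         # email -> {"verified": bool}; stand-in for a user table


def _sign(email, expires):
    """HMAC over the address and expiry, so a token cannot be reused for another address."""
    msg = f"{email}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def register(email, now=None):
    """Create an UNVERIFIED account; return the token that would be e-mailed as a link."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    accounts.setdefault(email, {"verified": False})
    expires = int(now) + TOKEN_TTL
    return f"{expires}.{_sign(email, expires)}"


def confirm(email, token, now=None):
    """Mark the account verified only if the token is authentic and unexpired."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    account = accounts.get(email)
    if account is None:
        return False
    try:
        expires_text, sig = token.split(".", 1)
        expires = int(expires_text)
    except ValueError:
        return False  # malformed token
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(sig.encode(), _sign(email, expires).encode()):
        return False
    if now > expires:
        return False
    account["verified"] = True
    return True


def is_verified(email):
    """Only verified addresses should be treated as belonging to the person who signed up."""
    return accounts.get(email.strip().lower(), {}).get("verified", False)
```

A record created by `register` alone proves only that someone typed the address into a form, which is the situation the article describes.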

The lack of email verification on Ashley Madison means it is easy to create accounts under other people's names

We were able to sign up to the site in about 15 seconds, without having to do any kind of verification.

So this is an important detail when asking whether all the private data released is genuine or not. If someone's email address is in the data dump, that doesn't necessarily mean they signed up - someone else could have done it, either as a scam, a prank, or simply because they didn't want to use their own email to start an account.

For example, one address in the leak appears to show the address of former Prime Minister Tony Blair - it's safe to assume he didn't use a personal email to sign up to the site, and even more unlikely that his real email address is so obviously linked to him.

So take the data dump with a pinch of salt, because without email verification, there's no real way of knowing whether the people whose data has been released actually signed themselves up to the site.


It's important to treat the data with skepticism, but you should also remember that the data dump contains the details of 32 million users.

Even if 90 per cent of the user profiles released are not genuine, that means the data of over three million people who willingly signed themselves up for a cheating website have been released.

What's more, pictures of the email addresses released online show hundreds, if not thousands, of email addresses from domains, and other work-related organisations.

If you were going to sign up to Ashley Madison, would you be more likely to use your home account, or your work account?

Treat the Ashley Madison hack with some skepticism, but remember that a lot of these details are genuine.

On top of the list of customer details, there's even more confidential data relating to the company - including internal memos, emails, contracts and sales techniques, according to Ars Technica.

Responding to the huge data dump, Avid Life Media said in a statement: "This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of, as well as any freethinking people who choose to engage in fully lawful online activities."

"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society."