Ashley Madison hack: Leaking personal email addresses puts gay lives at risk around the world

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Gay and bisexual users of the Ashley Madison infidelity website have been left in fear for their lives after it emerged that the identities of users living in countries where homosexuality is illegal and even punishable by death have been posted online.

Users of Ashley Madison’s “Down Low” site, which caters for “married men seeking other men for casual, no-strings fun”, are among the 37 million account holders whose details – and sexual preferences – have been made public by hackers this week.

Other gay domains owned by Ashley Madison whose users are contained in the huge data dump include ManCrunch along with We Know Down Low. “Down low” is a US slang term for men who identify as heterosexual but also have sex with other men.

Homosexual relationships or sex remain illegal in around 75 countries around the world, including many states in the Middle East, Africa, Southeast Asia, and almost all of the Caribbean. Equal rights campaigners said the publication of such sensitive information was putting lesbian, gay, bisexual and transgender people at risk worldwide.

In July, at the time of the Ashley Madison hack, one gay Saudi national posted a message on the Reddit website saying he was sure he would be stoned to death when the data was published. “I was single, but used it because I am gay; gay sex is punishable by death in my home country so I wanted to keep my hook-ups extremely discreet,” he said at the time. Although his story has not been independently confirmed, subsequent posts suggest he has fled Saudi Arabia to seek help from a team of immigration lawyers in the US who specialise in LGBT refugees seeking asylum.

The data leaks monitoring firm CybelAngel said that – in the overall trove of 37 million account-holders, straight and gay – it had counted 1,200 email addresses with the Saudia Arabian “.sa” suffix, where adultery is punishable by death.

More than 50 accounts have been found from Qatar where homosexual relationships are punishable by up to five years in prison, while almost 1,500 accounts are from Turkey – where homosexuality is not illegal but can get a person kicked out or banned from military service.

The group behind the attack – the Impact Team – breached Ashley Madison’s servers last month, and this week released the data to the Dark Web: a sub-level of the internet that cannot be accessed through normal browsers. The hack includes customer names, credit-card data, addresses and sexual preferences.

As the hacked data became more accessible through online sharing platforms, a custom Google map was created that displays Ashley Madison users’ addresses they registered with the website.

British civil servants, international bankers and UN staff are among those whose names appear in the data. Several BBC and ITV figures as well as academics at Oxford, Cambridge and other leading British universities are named as Ashley Madison account holders.

Lawyers suggested that adult dating and infidelity websites faced ruin if customers decided to form class action lawsuits following multiple hacks. They compared the leaking of private information belonging to millions of customers to the phone-hacking scandal that engulfed Rupert Murdoch.

Avid Life Media (ALM), the Canadian-based owner of Ashley Madison, had promised its customers that it could provide a secure website and “100 per cent discreet service” and that their servers were “kind of untouchable”.

Sarah Webb, partner at London-based Payne Hicks Beach’s privacy and media law team, said: “Ashley Madison and, more particularly, ALM could be facing litigation of a similar scale and basis to the phone-hacking claims against the publishers of the Mirror and News of the World.”

Lawyers said whether those who are identified by email addresses have a claim depends on the steps that ALM took to protect the private information from hackers and what their terms and conditions state. If the hacking was so sophisticated that they could not reasonably protect against it, they may escape liability. However, customers have claimed the “full delete” service run by Ashley Madison did not work and that the company retained private information even after customers left the website, suggesting its security might not have been adequate.

Whether Ashley Madison customers wish to step forward is another question but there were suggestions a class action lawsuit may take place in the US.

Mikko Hypponen, an IT security expert with F-Secure, said: “The most concrete fear for users listed in the database is that they’re now framed as cheaters, whether they actually did it or not. We have to remember that they are victims of a crime.”

Charts were produced on the top 25 cities containing the most cheaters. Sao Paolo, New York and Sydney made up the Top 3, according to the website dadaviz. London was number nine, with 180,000 users.

Email addresses linked to the BBC broadcasters Scott Mills and Vanessa Feltz have appeared among the data. Both broadcasters described the suggestion that they were customers as “hilarious”. Mills, who is gay, said he assumed a listener had signed him up.

Feltz told The Independent: “I’m not online in any shape or form at all. I don’t even have a computer, iPad to iPod. I’ve never even sent or received an email – ever. I wouldn’t know how to log on to that BBC email address. I’m not even married.”

They joined the SNP MP Michelle Thomson who has claimed her identity had been “harvested” after an old email address appeared among the data. The mother-of-two also said she was the victim of a smear campaign.

Two Australian DJs were criticised after revealing to a woman live on air that her husband was registered on the adultery website Ashley Madison.

The stunt by Sydney-based DJs Ryan “Fitzy” Fitzgerald and Michael “Wippa” Wipfli was described by listeners as “misguided”, “moronic” and “a shameless disgrace”.

The woman, named as Jo, called the morning show on Nova FM when they offered to check if people were on the controversial website.

Clearly distressed after being told the news, Jo hung up the phone. Wipfli, seemingly shocked, said: “I don’t know if we should have done that.”

The pair faced a barrage of criticism on social media.