The site was infamous for facilitating affairs between unfaithful people
The site was infamous for facilitating affairs between unfaithful people

Ashley Madison leak: The personal details of 32 million users might not all be genuine

No email verification during the Ashley Madison signup process means many customers might not have signed themselves up

Doug Bolton
Friday 21 August 2015 14:52

Last month, hackers stole the personal details of millions of users of Ashley Madison, an 'anonymous' dating website which was targeted at people seeking extramarital affairs.

The oddly moralistic hackers, working under the name 'Impact Team', said they would post the information online unless the site was shut down.

Some speculated at the time that they were just bluffing, and would instead try to sell the valuable information - but now, they've made good on their promise, releasing the private information of users, including their names, email addresses, phone numbers and home addresses.

All 9.7 (compressed!) gigabytes of data can be downloaded by anyone, but the site where it is available is on the so-called 'dark web', which is only accessible through the private Tor browser.

In a document accompanying the data dump, Impact Team wrote: "Avid Life Media [the company which owns Ashley Madison and other dating sites] has failed to take down Ashley Madison... We have explained the fraud, deceit and stupidity of ALM and their members. Now everyone gets to see their data."

But what does this mean for the users (or their husbands and wives)? Can we trust the authenticity of this data, especially when it's related to something that could potentially destroy relationships?

Ashley Madison's International Affairs Director Christoph Kraemer speaks during a press conference in Seoul, after South Korea legalised adultery in February (AFP/.Getty)

The most important thing to remember about the Ashley Madison leak - the site has no email verification

When you sign up for many online services and websites, you're asked to verify your email. This involves the website sending you an email containing a link, which you have to click on.

This is a simple way of preventing other people signing you up for services - anyone can put your email addresses in a sign-up box, but unless they have access to your inbox, the site has no way of knowing it's actually you, and you won't be signed up.

Ashley Madison doesn't use this feature - the sign-up process involves no verification, so anyone can stick an email address in the registration form and get signed up, either using their address or someone else's.

The lack of email verification on Ashley Madison means it is easy to create accounts under other people's names

We were able to sign up to the site in about 15 seconds, without having to do any kind of verification.

So this is an important detail when asking whether all the private data released is genuine or not. If someone's email address is in the data dump, that doesn't necessarily mean they signed up - someone else could hvae done it, either as a scam, a prank, or simply because they didn't want to use their own email to start an account.

For example, one address in the leak appears to show the address of former Prime Minister Tony Blair - it's safe to assume he didn't use a personal email to sign up to the site, and even more unlikely that his real email address is so obviously linked to him.

So take the data dump with a pinch of salt, because without email verification, there's no real way of knowing whether the people whose data has been released actually signed themselves up to the site.


It's important to treat the data with skepticism, but you should also remember that the data dump contains the details of 32 million users.

Even if 90 per cent of the user profiles released are not genuine, that means the data of over three million people who willingly signed themselves up for a cheating website have been released.

What's more, pictures of the email addresses released online show hundreds, if not thousands, of email addresses from domains, and other work-related organisations.

If you were going to sign up to Ashley Madison, would you be more likely to use your home account, or your work account?

Treat the Ashley Madison hack with some skepticism, but remember that a lot of these details are genuine.

On top of the list of customer details, there's even more confidential data relating to the company - including internal memos, emails, contracts and sales techniques, according to Ars Technica.

Responding to the huge data dump, Avid Life Media said in a statement: "This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against he indicivudal members of, as well as any freethinking people who choose to engage in fully lawful online activities."

"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in