Another Security Oopsie

So perhaps you’ve heard that Avid Life Media, the company that runs Ashley Madison and several other dating (and “dating”) sites, has been hacked.

Ashley Madison, for those of you who haven’t been paying attention, is a site that caters to those wishing to have an affair.

The hackers claim to have grabbed the entire user database–some 37 million accounts–and threaten to release the whole thing online if Avid Life Media doesn’t shut down Ashley Madison and Established Men*. I find it interesting that the hackers apparently have no interest in ALM’s other dating sites. Maybe they have separate user databases, and the hackers didn’t get enough data to make a credible threat?

* Established Men’s focus is on facilitating relationships between “attractive girls” and “successful and generous benefactors”.

To me, the most interesting thing about the whole affair (sorry), is a line from the hackers’ statement.

The hackers’ ire appears to be focused on claims that even if a customer pays ALM’s fee (approximately $20) to have their account deleted, it remains in the database, although it’s no longer accessible online.

The statement says “Too bad for those men, they’re cheating dirtbags and deserve no such discretion.” Obviously, I’m missing something here. What about the women? Do they somehow deserve discretion? Aren’t they also “cheating dirtbags”?

No, it’s not that there aren’t any women on the site. AM doesn’t position itself as a gay dating site–although they won’t turn you down if you are looking for a same-sex affair. The very first question the site asks is your “relationship status” in one of six categories: Attached Male seeking Females, Attached Female seeking Males, Single Male seeking Females, Single Female seeking Males, Male seeking Males, Female seeking Females.

So what gives? Are the hackers suggesting that all of the women on AM were innocents, somehow tricked into signing up to have affairs? But then, what about the women on EM, who are explicitly looking for sugar daddies. Is that more noble than being a sugar daddy?

ALM spent most of yesterday downplaying the hack and declining to address questions about whether the hackers had gotten away with the entire user database and if they were planning to take the sites down.

Both sites are still up (approximately 10:30 Pacific Time) but responding slowly and occasionally timing out. Perhaps they’re overloaded with people trying to delete their profiles (ALM is waiving the fee). A bit of a case of closing the barn door after the horse has been made into glue, but a totally typical reaction.

If the sites stay up, they’ll take a hit in popularity, but I expect them to recover. Even if ALM takes them down, I can’t imagine they’ll stay down–they might come back under other names, but let’s face it, AM and EM fill a couple of very lucrative market niches. ALM is not going to abandon those markets.

People will use those sites, under whatever names they operate. And other people will hack those sites. Politics and social causes aside, a database full of valid credit cards is just too tempting a target.