Current:Home > InvestInside the Eternally Wild Story of the Ashley Madison Hacking Scandal-LoTradeCoin
Inside the Eternally Wild Story of the Ashley Madison Hacking Scandal
View Date:2024-12-23 19:00:36
On July 13, 2015, Evan Back walked through the door of his Toronto office and immediately sensed something was wrong.
Normally people would be milling around, drinking coffee, getting ready to tackle the Monday ahead. Instead, he remembered, there "was a strange, weary, uncomfortable silence."
When he switched on his computer, he understood.
Nine years ago, Back was VP of sales at Ashley Madison, and the dating site that catered to married people looking to have affairs had been hacked over the weekend.
"The promise of security and anonymity and guarantee and safety was just something we said," Back recalled in the recent Netflix docuseries Ashley Madison: Sex, Lies & Scandal. "It wasn't something we did."
Amit Jethani, former director of product for the site, concurred.
"Every department had to get creative because there was no real playbook for running a service like this one," he said in the series. And though security was frequently discussed, shoring up the system kept falling by the wayside. Everyone knew a hack "would have been catastrophic," he added. "The hope was that it wouldn't happen."
But as anyone who couldn't resist the siren song of schadenfreude in the summer of 2015 remembers, it happened. And the aftermath was nuts.
Obviously there was egg on the face of the company with the motto "Life is short. Have an affair."
Yet the scandal is far more remembered for the bold-faced names who were subsequently identified as Ashley Madison account holders (or alleged account holders, as some who were publicly named denied ever signing up) and the massive amount of judgment that ensued.
The Netflix series comes less than a year after the ABC News/Hulu documentary The Ashley Madison Affair and serves as a reminder of two things: Some of the sleaziest moments in our culture benefit from a little hindsight. And there's always another layer to be peeled.
Here's what happened when Ashley Madison got hacked:
Ashley Madison launched on Jan. 21, 2002. The brainchild of founder Darren J. Morgenstern was controversial upon arrival, considering it was a website designed for married people looking to cheat on their spouses.
The company's brazen slogan was "Life Is Short. Have an Affair." And they had to get creative with their marketing, too, since prime-time TV was a no-go and they were banned by appointment programming like the Super Bowl and the Oscars.
"It was virtually impossible to get ads on television," former VP of sales Evan Back recalled in the 2024 Netflix series Ashley Madison: Sex, Lies & Scandal. "No mainstream networks would take us."
But online dating, in all its forms, was on the rise, and CEO Noel Biderman tirelessly made the rounds on every news and talk show that would have him—sometimes in joint interviews with wife Amanda Biderman. (One of the sampled clips shows Dr. Phil McGraw theatrically shrinking into his chair as Biderman touted Ashley Madison as a "preservation device" for married couples during a 2012 appearance on Katie Couric's Katie.)
The site continued to grow and, by 2015, Ashley Madison was up to 37 million registered users and counting.
On July 12, 2015, an entity calling itself The Impact Team hacked into Ashley Madison's internal system.
Employees were greeted by a message when they turned on their work computers, accompanied by the strains of AC/DC's "Thunderstruck": Shut down Avid Life Media-owned Ashley Madison and sister site Established Men (tagline: "connecting young, beautiful women with successful men"), or else the hackers would expose company and customer data for the world to see.
Hoping to contain the breach (and to resume business as usual as soon as possible), Ashley Madison called in private cyber security experts who specialized in hacking and rooting out system vulnerabilities.
Meanwhile, speculation ran rampant as to who was behind the scheme, with wild guesses including a disgruntled customer, a jilted spouse or basically anyone who disapproved of the service they were providing.
On July 19, 2015, The Impact Team posted a statement on Pastebin, a content-hosting service, relaying that ALM had 30 days to shutter Ashley Madison and Established Men, or else they'd proceed with dumping the sites' data.
Cybersecurity news site KrebsOnSecurity reported the same day that The Impact Team had posted caches of stolen company data from ALM. Biderman told the site at the time that they were working "diligently and feverishly" to remove all proprietary information from the web and the article noted that some of the links to the files stopped working during the 30 minutes journalist Brian Krebs spoke to the CEO.
"We're not denying this happened," Biderman said. "Like us or not, this is still a criminal act."
The news rocketed around the world within hours that the site where aspiring cheaters went to have discreet affairs had been hacked and 37 million customers' personal data was at risk of being exposed.
On July 20, Ashley Madison released respective statements confirming "an attempt by an unauthorized party to gain access to our systems" and that a joint investigation was underway with law enforcement.
Hours later, all the late night hosts were cracking jokes.
Reddit started buzzing with concerns about what might be revealed, and Inquisitr reported that some guilty spouses were already pre-emptively confessing to being on Ashley Madison, just in case.
One such post from July 20, 2015, has been removed but many comments are still there, including, "Check his credit card bill" and "I feel like just the fact he told you this so soon after the news of the leak came out indicates that he has been cheating on you."
Moreover, people who knew their way around the dark web were already poking around trying to access the files, according to tech-centric reports about the immediate fallout.
On July 22, The Impact Team leaked two purported Ashley Madison usernames and account info.
Meanwhile, cybersecurity experts Joel Eriksson and André Catry had honed in on a possible perpetrator, a contractor who was no longer doing work for the company when he seemingly accessed its system.
They met the person they called "Suspect A" for a coffee and the man right away denied having anything to do with the hack, the duo recounted in the Netflix series. When they told him they had information pointing to him, his "demeanor changed," Catry said, and he admitted to previous breaches of the system—but not this one.
Ultimately, Catry noted, there were "a lot of leads that did not go anywhere."
ALM didn't shut down Ashley Madison or Established Men. And on Aug. 18, The Impact Team posted "TIME'S UP" on Pastebin and shared a torrent file containing nearly 10 gigabytes of data, including user email addresses.
Within a day, the info had been verified as being the real deal from Ashley Madison—but the sifting and categorizing had already begun.
One of the first bits of news to arise from day one: A lot of people used official government, military and corporate email addresses to open Ashley Madison accounts.
Over the next couple of days, several databases sprang up to make it easy for anyone to search for names and email addresses to see if they were part of the leak.
There were subsequent data dumps on Aug. 20 and Aug. 23, the latter including the full list of email addresses ending in .gov that were used to sign up, as well as more emails, dates the accounts were created, IP addresses, mailing address and the dollar amounts users spent on the site. (There wasn't a regular subscription fee; rather, customers paid for credits to reach out to other users. "Pay to play," sales VP Back quipped in the Netflix series.)
During those first few days, notable people linked to the leaked Ashley Madison account info included 19 Kids and Counting alum Josh Duggar; Josh Taekman, husband of The Real Housewives of New York City's Kristen Taekman; Christian vlogger Sam Rader, famous for family-friendly viral videos he made with wife Nia Rader; former Florida State Attorney Jeff Ashton, who led the prosecution at Casey Anthony's 2011 murder trial that ended with her acquittal; and Hunter Biden, the controversy-courting son of President Joe Biden, who was vice president at the time.
The site did not verify email addresses before the 2015 hack, meaning people could theoretically claim to be anybody when setting up a profile.
"I am certain that the account in question is not mine," Hunter Biden, who was still married to first wife Kathleen Buhle at the time (they divorced in 2017), said in a statement after his name turned up. "This account was clearly set up by someone else without my knowledge and I first learned about the account in question from the media."
Duggar, who is currently serving a 12-and-a-half-year prison sentence after being found guilty of receiving child pornography, didn't directly acknowledge the account but admitted to being unfaithful to wife Anna Duggar in the wake of the leak. They had four children then and now share seven.
Taekman admitted to having an account but denied ever actually cheating on his wife, and the parents of two remain together.
"I have to say, I'm very proud of our relationship and I think we've come a long way," Kristen, who was on RHONY from 2014 to 2015, told People in 2023. "We are stronger than ever. Maybe I'm back to prove everybody wrong and break all those silly myths about Housewives marriages, because despite what everyone probably thought, we're still happily married."
Ashton, now a Ninth Judicial Circuit Court judge in Florida, admitted during an Aug. 23 press conference to using his personal credit card to sign up out of curiosity two years before the hacking. And, he told reporters, he never met anyone in person or broke any laws.
"I was wrong," he said. "I was taught that when you do something wrong, you stand up and you say you did." Sometimes he accessed the site from work, he said, but only using his private computer.
"I hope the public will judge me on my 35 years of service," he said, "and not a bad mistake."
The Raders, meanwhile, participated in the Netflix series.
Sam recalled confessing to his wife that he had an Ashley Madison account over lunch at Chili's at the Dallas Fort Worth airport before they took off for a family-friendly vlogger convention in Seattle.
But he initially lied to both Nia and all their fans when he explained in a YouTube video, his wife by his side, that he had the account but he had otherwise remained faithful.
In reality, he said in the series, "I was keeping a lot of secrets from Nia, and the secrets went a lot deeper than Ashley Madison and a lot further back."
They temporarily lived apart and went to counseling after the debacle, the parents of four said in the series, and remain together.
"I'm not angry at Ashley Madison, definitely not angry at the hackers," Sam told Netflix's Tudum after the series premiered. "I was already on a horrible path when Ashley Madison was advertised to me. Of course, it’s frustrating that they didn’t keep my data safe, but I just see it as the Lord exposing me and bringing [me] out of the darkness."
Added Nia, "It's still shocking to me that things like this exist." But, she noted, "I believe that marriages can be healed. It's worth fighting to fix your marriage."
Two Canadian law firms announced Aug. 20 they were filing a $578 million class action lawsuit against Ashley Madison and Avid Life Media on behalf of all Canadians whose information was exposed by the security breach.
"Numerous former users of AshleyMadison.com have approached the law firms to inquire about their privacy rights under Canadian law," the firms said in a statement, per TIME. "They are outraged that AshleyMadison.com failed to protect its users' information. In many cases, the users paid an additional fee for the website to remove all of their user data, only to discover that the information was left intact and exposed."
(Under new management, parent company Ruby settled pending class action litigation on behalf of U.S. customers in 2017 for $11.2 million. They did not admit wrongdoing.)
On Aug. 24, police announced that ALM was offering a roughly $380,000 reward (500,000 Canadian dollars) for information that resulted in the identification, and subsequent arrest, of the hackers. Police also said that two reported deaths by suicide may have been linked to the Ashley Madison breach.
In the Netflix series, a woman identified only as Christi shared that her husband, a New Orleans-based seminary teacher, took his own life after the data leak.
Toronto Police Force Superintendent Bryce Evans issued a statement appealing to those "who engage in discussions on the dark web and who no doubt have information that could assist this investigation" to "do the right thing."
He continued, "This hack is one of the largest data breaches in the world. The social impact behind this leak, we're talking about families, we're talking about children, we're talking about wives, we're talking about their male partners. It's going to have impacts on their lives…This is affecting all of us."
Evans (who has since retired and appeared in the Netflix series) also warned anyone whose email may have been exposed to watch out for would-be scammers looking to capitalize on people's humiliation by offering fake services, like too-good-to-be-true data deletion or legal representation.
Biderman, whose company emails were also exposed in the breach, stepped down as CEO on Aug. 28. ALM said in a statement his resignation was "in the best interest of the company and allows us to continue to provide support to our members and dedicated employees."
Several days later came reports by Gizmodo and others that, going by analysis of the leaked data, the majority of accounts belonging to women on the site were either fake or never used, and that the site set up numerous fake female accounts to attract more male users.
An unnamed company executive pushed back at the characterization, suggesting that the hackers released selective information to skew the gender data and that the user numbers that Ashley Madison shared for advertising purposes were accurate.
"These numbers are being taken out of context," the executive told the Washington Post at the time. "These criminals have no idea how our business works. You're not seeing everything."
Any reports of Ashley Madison's death have been greatly exaggerated.
Not only was there a reported influx of customers not long after the breach, but after undergoing a "complete rehaul" to rebuild trust with customers, the site now boasts 85 million users, spokesperson Paul Keable told Fox News Digital after the Netflix series' May 15 premiere.
"Now, we look at [security] as a whole-of-company approach," Keable said. "Every person's job is security, every person's job is discretion."
He also said there had been an uptick in membership in the days since the docuseries premiered, adding, "People who are unaware of us that are struggling with their situation think, 'Maybe that's my solution.'" Keable complimented Netflix's storytelling, but shouted out the 2023 Hulu documentary The Ashley Madison Affair for painting the complete picture of where the business ended up post-scandal.
"Myself, my colleagues, we're pretty proud of the fact that despite other people's beliefs, we're standing loud and proud today and delivering on people's needs," he said. "It's a pretty cool story, but we can't wait for the next chapter."
Watch E! News weeknights Monday through Thursday at 11 p.m., only on E!.veryGood! (72697)
Related
- Sydney Sweeney Slams Women Empowerment in the Industry as Being Fake
- Police commander reportedly beheaded and her 2 bodyguards killed in highway attack in Mexico
- Kris Jenner mourns loss of 'beautiful' sister Karen Houghton: 'Life is so short and precious'
- Sorry, Coke. Pepsi is in at Subway as sandwich chain switches sodas after 15 years
- Horoscopes Today, November 10, 2024
- Unilever announces separation from ice cream brands Ben & Jerry's, Popsicle; 7,500 jobs to be cut
- Wisconsin Supreme Court to decide if counties must release voter incompetency records
- Two arrested in brawl at California shopping center after planned meetup goes viral
- Inside Dream Kardashian's Sporty 8th Birthday Party
- Georgia lawmakers may be close to deal to limit rise in property tax bills
Ranking
- Bowl projections: SEC teams joins College Football Playoff field
- Shhhh! If you win the Mega Millions jackpot, be quiet. Then, do this.
- 2 former Mississippi sheriff's deputies sentenced to decades in prison in racially motivated torture of 2 Black men
- Arkansas airport executive director, ATF agent wounded in Little Rock home shootout
- Katherine Schwarzenegger Gives Birth, Welcomes Baby No. 3 With Chris Pratt
- Food deals for March Madness: Get freebies, discounts at Buffalo Wild Wings, Wendy's, more
- Blinken says all of Gaza facing acute food insecurity as U.S. pushes Netanyahu over his war plans
- More than six in 10 US abortions in 2023 were done by medication — a significant jump since 2020
Recommendation
-
Gigi Hadid and Bradley Cooper Prove They're Going Strong With Twinning Looks on NYC Date
-
Caitlin Clark behind increased betting interest in women’s college basketball
-
Founders of the internet reflect on their creation and why they have no regrets over creating the digital world
-
Rural Nevada county roiled by voting conspiracies picks new top elections official
-
Bill on school bathroom use by transgender students clears Ohio Legislature, heads to governor
-
Jokic’s 35 points pace Nuggets in 115-112 win over short-handed Timberwolves after tight finish
-
The prep isn't fun, but take it from me: Getting this medical test can save your life
-
10 years after the deadliest US landslide, climate change is increasing the danger