It was only a matter of time.
The stolen database of 32 million people who used cheating website Ashley Madison has made its way to the Web. And it’s easily searchable on several websites.
Just plug in a name or email address, and you’ll find out if someone who signed up for the service.
CNNMoney is not linking to these sites directly, but they can be found via regular Web searches — if you know exactly what to look for.
Usually, hacked data is difficult to reach or sort through. Stolen files are posted on the Dark Web (which requires a special web browser called Tor). And they’re traded on file-sharing platforms (which also requires special software and clicking on dubious downloads).
But now anyone can check if his or her spouse was cheating — just by filling out a form.
Someone has even created a custom Google Map that displays some of AshleyMadison.com users’ addresses registered with the website.
Some people were idiotic enough to sign up using company and government work email addresses, making them especially easy to positively identify. Our quick review found 6,904 addresses linked to the Canadian and American governments, plus another 7,239 in the U.S. Army, 3,531 in the Navy, 1,114 Marines and 628 in the Air Force.
But it’s difficult to verify the accuracy of these searching tools. But at least one tool, which searches by email address, returns accurate results. CNNMoney verified this by plugging in email addresses of users it has independently verified.
The danger of being exposed is real.
Many of the cheaters exposed in this hack serve in the U.S. military, evident because they used email addresses that end in the .mil domain. Adultery does, in fact, violate Uniform Code of Military Justice. It’s a prosecutable offense that can land you a year in confinement and a dishonorable discharge.
What about people who used Ashley Madison to engage in gay affairs? The website’s users were worldwide, and there are 79 countries where homosexuality is illegal. In Afghanistan, Iran, Mauritania, Nigeria, Qatar, Saudi Arabia and the United Arab Emirates, the punishment is death.
A quick search of a small subset of Ashley Madison users listed two in the United Arab Emirates. Their addresses are most likely legitimate, because they were tied to the credit card they used to pay for the service, according to one computer researcher.
This is what Tim Cook was talking about earlier this year when he said we don’t live in a post-privacy world. Absolute privacy of data still matters.
The Ashley Madison hack includes customer names, credit card data, physical addresses and sexual preferences. Some users were smart enough to use fake names. But financial data is legitimate. And in total, the data makes it easy to hunt someone down.
This information is incredibly revealing. For example, the database shows if a person was listed as a married “male seeking male” with a “someone I can teach” sexual fantasy looking for a “boy next door.” Or an “attached female seeking male” with a “spanking” fantasy seeking “a Don Juan.”
The listed sexual fantasies range from master/slave relationships to cross dressing and exhibitionism.
This hack proves that you need to exercise extreme caution if you’re going to share your deepest, darkest secrets. Using your real name or payment information is a hazard. No website is impenetrable. Few websites practice good security standards. Even major American banks use second-rate security.
AshleyMadison.com had it even worse. As a hive of cheaters, it has long been the antagonist of betrayed spouses. It was an inevitable target for hackers. And the company behind the website, Avid Life Media, knew it couldn’t protect user data.
That’s why, in the fine print, Ashley Madison says, “We cannot ensure the security or privacy of information you provide through the Internet.” Compare that to the lofty promise it makes on the website front door for “100% discreet service.”