Cybersecurity

The Ashley Madison affair: sex, lies and data protection

Andrea Stroppa
Share:
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Cybersecurity

The Ashley Madison affair has highlighted the risks in sharing personal data online and revealed the need for better data-protection policies. Many sources are reporting that up to 10 gigabytes of personal data stolen from the 37 million users of the online dating service for extramarital affairs has been dumped on to various Torrent file-sharing services in the past few weeks.

About a month ago, hackers claimed that they had stolen sensitive customer information and threatened to post the data online unless the Ashley Madison website ceased its business activity. This appears to be have been triggered by the company’s failure to honour its claim that a user could have data permanently erased from the platform database by paying an extra $19. The hackers went on to release home and email addresses, credit card numbers, sexual preferences and other sensitive data of its registered users, which include US military servicemen, CEOs and government officials.

Raja Bhatia, Ashley Madison’s former chief technology officer, tried to dismiss the whole issue. “The overwhelming amount of data released in the last three weeks is fake data,” he said. But this data dissemination is revealing a much wider breach with potentially disastrous consequences for all those involved – along with several “bad practices” and data protection policy issues.

To start with, there was no email verification for new users of Ashley Madison (understandably so given the nature of the business). Therefore, it was easy for many simply to deny ever joining – and they may be right. It is also likely that this lack of verification encouraged many to use fake names and email addresses. (Too bad though for those who used their real names.) And the website claim that user data was encrypted to protect against external hacks clearly didn’t work.

If it is confirmed that Avid Life Media, the owner of AshleyMadison.com, did not delete user data permanently as promised, there could a serious knock-on effect in terms of trust for the entire online dating industry. Indeed, users of such sites should make a point of reading the “fine print”, checking terms of service and how personal data will be managed.

Before joining such websites, we should ask the following four key questions: Will our personal data actually be encrypted? Who is entitled to access and use them – and how? Do we trust the company and its managers? And does the website have a secure connection (https)?

Will these measures be enough? Probably not, but they are certainly a good place to start. Better safe than sorry, especially when facing such huge leaks.

Author: Andrea Stroppa writes about security and technology for the World Economic Forum.

Image: A photo illustration shows the Ashley Madison app displayed on a smartphone in Toronto, August 20, 2015. REUTERS/Mark Blinch

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Share:
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

3 trends set to drive cyberattacks and ransomware in 2024

Scott Sayce

February 22, 2024

About Us

Events

Media

Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum