It鈥檚 hard to feel sorry for those whose names and personal data have been posted online after hackers stole massive amounts of sensitive customer information from the infidelity website Ashley Madison.
But the hackers aren鈥檛 high-minded Robin Hoods or public-spirited activists who should be admired. A major crime has been committed that has the potential to ruin reputations and lives, many of them innocent.
It鈥檚 also a sharp reminder 鈥 yet again 鈥 that the Internet has no secrets, that Internet security is largely a myth. If you don鈥檛 want the world to know it, don鈥檛 put it online.
Ashley Madison might not be the sleaziest thing you can find on the Internet, but it鈥檚 certainly a contender. It鈥檚 a website, operated by Toronto-based Avid Life Media, for married people who want to cheat on their spouses. The company says its clients are mainly in North America (including, presumably, Victoria), but that it is expanding to other countries.
鈥淥ver 39,050,000 anonymous members!鈥 boasts its website. Well, not any more. Claiming that the Ashley Madison website is a scam with thousands of fake female profiles, the hackers tried to pressure Avid Life Media into taking down the website, and when that didn鈥檛 happen, dumped details and log-ins for about 32 million users onto the 鈥渄ark web,鈥 the part of the Internet not reached by the usual search engines.
But that won鈥檛 stop the information from being spread around, and that spread has already begun.
The dumped files consist of millions of payment transactions, includes names, street addresses, email addresses and amounts paid, but apparently not credit-card numbers. One analysis showed about 15,000 .gov and .mil addresses from the U.S. The list shows 170 addresses associated with the Canadian Armed Forces and hundreds more from other federal departments and agencies.
This information prompted New York Times writer Jennifer Weiner to wonder about the intelligence and competence of certain public servants: 鈥淗ow, I ask you, can a country be great when its government workers aren鈥檛 smart enough to scurry over to the anonymous embrace of Hotmail and Yahoo when they want to cheat?鈥
That鈥檚 a questionable inference to draw, though. Ashley Madison does not require verification of identities or email addresses 鈥 there鈥檚 no way to know if members provided legitimate details. One user signed up as 鈥[email protected],鈥 but it鈥檚 highly doubtful the former British prime minister was availing himself of the website鈥檚 services 鈥 that email address is fake.
And therein lies potential for serious harm. Lives of innocent people could be ruined if their identities were used. And even someone using the site under his or her own name, while lacking in ethics and wisdom, would not be breaking the law.
Data-security analyst Brian Krebs, who exposed the Ashley Madison breach, says caution and sensitivity are required.
鈥淭here鈥檚 a very real chance that people are going to overreact,鈥 he says. 鈥淚 wouldn鈥檛 be surprised if we saw people taking their lives because of this, and obviously piling on with ridicule and trying to out people is not going to help the situation.鈥
While the Ashley Madison data breach is huge, it鈥檚 nothing new. In May, more than 3.5 million people had their sexual preferences, fetishes and secrets exposed after dating site Adult FriendFinder was hacked.
Much larger data breaches have happened over the past several years, jeopardizing the financial and personal information of hundreds of millions of people. Sometimes perpetrators are caught; sometimes they are not.
These crimes, often crossing international boundaries, are difficult to prosecute. You can鈥檛 always depend on governments to protect your personal information.
It鈥檚 a jungle out there. Look after yourself.
