Current:Home > FinanceInside the Eternally Wild Story of the Ashley Madison Hacking Scandal-LoTradeCoin
Inside the Eternally Wild Story of the Ashley Madison Hacking Scandal
View Date:2024-12-24 01:15:59
On July 13, 2015, Evan Back walked through the door of his Toronto office and immediately sensed something was wrong.
Normally people would be milling around, drinking coffee, getting ready to tackle the Monday ahead. Instead, he remembered, there "was a strange, weary, uncomfortable silence."
When he switched on his computer, he understood.
Nine years ago, Back was VP of sales at Ashley Madison, and the dating site that catered to married people looking to have affairs had been hacked over the weekend.
"The promise of security and anonymity and guarantee and safety was just something we said," Back recalled in the recent Netflix docuseries Ashley Madison: Sex, Lies & Scandal. "It wasn't something we did."
Amit Jethani, former director of product for the site, concurred.
"Every department had to get creative because there was no real playbook for running a service like this one," he said in the series. And though security was frequently discussed, shoring up the system kept falling by the wayside. Everyone knew a hack "would have been catastrophic," he added. "The hope was that it wouldn't happen."
But as anyone who couldn't resist the siren song of schadenfreude in the summer of 2015 remembers, it happened. And the aftermath was nuts.
Obviously there was egg on the face of the company with the motto "Life is short. Have an affair."
Yet the scandal is far more remembered for the bold-faced names who were subsequently identified as Ashley Madison account holders (or alleged account holders, as some who were publicly named denied ever signing up) and the massive amount of judgment that ensued.
The Netflix series comes less than a year after the ABC News/Hulu documentary The Ashley Madison Affair and serves as a reminder of two things: Some of the sleaziest moments in our culture benefit from a little hindsight. And there's always another layer to be peeled.
Here's what happened when Ashley Madison got hacked:
Ashley Madison launched on Jan. 21, 2002. The brainchild of founder Darren J. Morgenstern was controversial upon arrival, considering it was a website designed for married people looking to cheat on their spouses.
The company's brazen slogan was "Life Is Short. Have an Affair." And they had to get creative with their marketing, too, since prime-time TV was a no-go and they were banned by appointment programming like the Super Bowl and the Oscars.
"It was virtually impossible to get ads on television," former VP of sales Evan Back recalled in the 2024 Netflix series Ashley Madison: Sex, Lies & Scandal. "No mainstream networks would take us."
But online dating, in all its forms, was on the rise, and CEO Noel Biderman tirelessly made the rounds on every news and talk show that would have him—sometimes in joint interviews with wife Amanda Biderman. (One of the sampled clips shows Dr. Phil McGraw theatrically shrinking into his chair as Biderman touted Ashley Madison as a "preservation device" for married couples during a 2012 appearance on Katie Couric's Katie.)
The site continued to grow and, by 2015, Ashley Madison was up to 37 million registered users and counting.
On July 12, 2015, an entity calling itself The Impact Team hacked into Ashley Madison's internal system.
Employees were greeted by a message when they turned on their work computers, accompanied by the strains of AC/DC's "Thunderstruck": Shut down Avid Life Media-owned Ashley Madison and sister site Established Men (tagline: "connecting young, beautiful women with successful men"), or else the hackers would expose company and customer data for the world to see.
Hoping to contain the breach (and to resume business as usual as soon as possible), Ashley Madison called in private cyber security experts who specialized in hacking and rooting out system vulnerabilities.
Meanwhile, speculation ran rampant as to who was behind the scheme, with wild guesses including a disgruntled customer, a jilted spouse or basically anyone who disapproved of the service they were providing.
On July 19, 2015, The Impact Team posted a statement on Pastebin, a content-hosting service, relaying that ALM had 30 days to shutter Ashley Madison and Established Men, or else they'd proceed with dumping the sites' data.
Cybersecurity news site KrebsOnSecurity reported the same day that The Impact Team had posted caches of stolen company data from ALM. Biderman told the site at the time that they were working "diligently and feverishly" to remove all proprietary information from the web and the article noted that some of the links to the files stopped working during the 30 minutes journalist Brian Krebs spoke to the CEO.
"We're not denying this happened," Biderman said. "Like us or not, this is still a criminal act."
The news rocketed around the world within hours that the site where aspiring cheaters went to have discreet affairs had been hacked and 37 million customers' personal data was at risk of being exposed.
On July 20, Ashley Madison released respective statements confirming "an attempt by an unauthorized party to gain access to our systems" and that a joint investigation was underway with law enforcement.
Hours later, all the late night hosts were cracking jokes.
Reddit started buzzing with concerns about what might be revealed, and Inquisitr reported that some guilty spouses were already pre-emptively confessing to being on Ashley Madison, just in case.
One such post from July 20, 2015, has been removed but many comments are still there, including, "Check his credit card bill" and "I feel like just the fact he told you this so soon after the news of the leak came out indicates that he has been cheating on you."
Moreover, people who knew their way around the dark web were already poking around trying to access the files, according to tech-centric reports about the immediate fallout.
On July 22, The Impact Team leaked two purported Ashley Madison usernames and account info.
Meanwhile, cybersecurity experts Joel Eriksson and André Catry had honed in on a possible perpetrator, a contractor who was no longer doing work for the company when he seemingly accessed its system.
They met the person they called "Suspect A" for a coffee and the man right away denied having anything to do with the hack, the duo recounted in the Netflix series. When they told him they had information pointing to him, his "demeanor changed," Catry said, and he admitted to previous breaches of the system—but not this one.
Ultimately, Catry noted, there were "a lot of leads that did not go anywhere."
ALM didn't shut down Ashley Madison or Established Men. And on Aug. 18, The Impact Team posted "TIME'S UP" on Pastebin and shared a torrent file containing nearly 10 gigabytes of data, including user email addresses.
Within a day, the info had been verified as being the real deal from Ashley Madison—but the sifting and categorizing had already begun.
One of the first bits of news to arise from day one: A lot of people used official government, military and corporate email addresses to open Ashley Madison accounts.
Over the next couple of days, several databases sprang up to make it easy for anyone to search for names and email addresses to see if they were part of the leak.
There were subsequent data dumps on Aug. 20 and Aug. 23, the latter including the full list of email addresses ending in .gov that were used to sign up, as well as more emails, dates the accounts were created, IP addresses, mailing address and the dollar amounts users spent on the site. (There wasn't a regular subscription fee; rather, customers paid for credits to reach out to other users. "Pay to play," sales VP Back quipped in the Netflix series.)
During those first few days, notable people linked to the leaked Ashley Madison account info included 19 Kids and Counting alum Josh Duggar; Josh Taekman, husband of The Real Housewives of New York City's Kristen Taekman; Christian vlogger Sam Rader, famous for family-friendly viral videos he made with wife Nia Rader; former Florida State Attorney Jeff Ashton, who led the prosecution at Casey Anthony's 2011 murder trial that ended with her acquittal; and Hunter Biden, the controversy-courting son of President Joe Biden, who was vice president at the time.
The site did not verify email addresses before the 2015 hack, meaning people could theoretically claim to be anybody when setting up a profile.
"I am certain that the account in question is not mine," Hunter Biden, who was still married to first wife Kathleen Buhle at the time (they divorced in 2017), said in a statement after his name turned up. "This account was clearly set up by someone else without my knowledge and I first learned about the account in question from the media."
Duggar, who is currently serving a 12-and-a-half-year prison sentence after being found guilty of receiving child pornography, didn't directly acknowledge the account but admitted to being unfaithful to wife Anna Duggar in the wake of the leak. They had four children then and now share seven.
Taekman admitted to having an account but denied ever actually cheating on his wife, and the parents of two remain together.
"I have to say, I'm very proud of our relationship and I think we've come a long way," Kristen, who was on RHONY from 2014 to 2015, told People in 2023. "We are stronger than ever. Maybe I'm back to prove everybody wrong and break all those silly myths about Housewives marriages, because despite what everyone probably thought, we're still happily married."
Ashton, now a Ninth Judicial Circuit Court judge in Florida, admitted during an Aug. 23 press conference to using his personal credit card to sign up out of curiosity two years before the hacking. And, he told reporters, he never met anyone in person or broke any laws.
"I was wrong," he said. "I was taught that when you do something wrong, you stand up and you say you did." Sometimes he accessed the site from work, he said, but only using his private computer.
"I hope the public will judge me on my 35 years of service," he said, "and not a bad mistake."
The Raders, meanwhile, participated in the Netflix series.
Sam recalled confessing to his wife that he had an Ashley Madison account over lunch at Chili's at the Dallas Fort Worth airport before they took off for a family-friendly vlogger convention in Seattle.
But he initially lied to both Nia and all their fans when he explained in a YouTube video, his wife by his side, that he had the account but he had otherwise remained faithful.
In reality, he said in the series, "I was keeping a lot of secrets from Nia, and the secrets went a lot deeper than Ashley Madison and a lot further back."
They temporarily lived apart and went to counseling after the debacle, the parents of four said in the series, and remain together.
"I'm not angry at Ashley Madison, definitely not angry at the hackers," Sam told Netflix's Tudum after the series premiered. "I was already on a horrible path when Ashley Madison was advertised to me. Of course, it’s frustrating that they didn’t keep my data safe, but I just see it as the Lord exposing me and bringing [me] out of the darkness."
Added Nia, "It's still shocking to me that things like this exist." But, she noted, "I believe that marriages can be healed. It's worth fighting to fix your marriage."
Two Canadian law firms announced Aug. 20 they were filing a $578 million class action lawsuit against Ashley Madison and Avid Life Media on behalf of all Canadians whose information was exposed by the security breach.
"Numerous former users of AshleyMadison.com have approached the law firms to inquire about their privacy rights under Canadian law," the firms said in a statement, per TIME. "They are outraged that AshleyMadison.com failed to protect its users' information. In many cases, the users paid an additional fee for the website to remove all of their user data, only to discover that the information was left intact and exposed."
(Under new management, parent company Ruby settled pending class action litigation on behalf of U.S. customers in 2017 for $11.2 million. They did not admit wrongdoing.)
On Aug. 24, police announced that ALM was offering a roughly $380,000 reward (500,000 Canadian dollars) for information that resulted in the identification, and subsequent arrest, of the hackers. Police also said that two reported deaths by suicide may have been linked to the Ashley Madison breach.
In the Netflix series, a woman identified only as Christi shared that her husband, a New Orleans-based seminary teacher, took his own life after the data leak.
Toronto Police Force Superintendent Bryce Evans issued a statement appealing to those "who engage in discussions on the dark web and who no doubt have information that could assist this investigation" to "do the right thing."
He continued, "This hack is one of the largest data breaches in the world. The social impact behind this leak, we're talking about families, we're talking about children, we're talking about wives, we're talking about their male partners. It's going to have impacts on their lives…This is affecting all of us."
Evans (who has since retired and appeared in the Netflix series) also warned anyone whose email may have been exposed to watch out for would-be scammers looking to capitalize on people's humiliation by offering fake services, like too-good-to-be-true data deletion or legal representation.
Biderman, whose company emails were also exposed in the breach, stepped down as CEO on Aug. 28. ALM said in a statement his resignation was "in the best interest of the company and allows us to continue to provide support to our members and dedicated employees."
Several days later came reports by Gizmodo and others that, going by analysis of the leaked data, the majority of accounts belonging to women on the site were either fake or never used, and that the site set up numerous fake female accounts to attract more male users.
An unnamed company executive pushed back at the characterization, suggesting that the hackers released selective information to skew the gender data and that the user numbers that Ashley Madison shared for advertising purposes were accurate.
"These numbers are being taken out of context," the executive told the Washington Post at the time. "These criminals have no idea how our business works. You're not seeing everything."
Any reports of Ashley Madison's death have been greatly exaggerated.
Not only was there a reported influx of customers not long after the breach, but after undergoing a "complete rehaul" to rebuild trust with customers, the site now boasts 85 million users, spokesperson Paul Keable told Fox News Digital after the Netflix series' May 15 premiere.
"Now, we look at [security] as a whole-of-company approach," Keable said. "Every person's job is security, every person's job is discretion."
He also said there had been an uptick in membership in the days since the docuseries premiered, adding, "People who are unaware of us that are struggling with their situation think, 'Maybe that's my solution.'" Keable complimented Netflix's storytelling, but shouted out the 2023 Hulu documentary The Ashley Madison Affair for painting the complete picture of where the business ended up post-scandal.
"Myself, my colleagues, we're pretty proud of the fact that despite other people's beliefs, we're standing loud and proud today and delivering on people's needs," he said. "It's a pretty cool story, but we can't wait for the next chapter."
Watch E! News weeknights Monday through Thursday at 11 p.m., only on E!.veryGood! (5)
Related
- Groups seek a new hearing on a Mississippi mail-in ballot lawsuit
- Who Is Henrik Christiansen? Meet the Olympic Swimmer Obsessed With Chocolate Muffins
- GOP primary voters in Arizona’s largest county oust election official who endured years of attacks
- Exonerated murder suspect Christopher Dunn freed after 30 years, Missouri court delay
- Barbora Krejcikova calls out 'unprofessional' remarks about her appearance
- Nursing home inspections across New Mexico find at least one violation in 88% of facilities
- Donald Trump’s EPA Chief of Staff Says the Trump Administration Focused on Clean Air and Clean Water
- Kansas stops enforcing a law against impersonating election officials
- NATO’s Rutte calls for more Western support for Ukraine, warns of Russian alliances
- Federal judge says New Jersey’s ban on AR-15 rifles is unconstitutional
Ranking
- Olivia Culpo Celebrates Christian McCaffrey's NFL Comeback Alongside Mother-in-Law
- Argentina star Ángel Di María says family received pig's head, threat to daughter's life
- Federal protections of transgender students are launching where courts haven’t blocked them
- New Jersey school is removing Sen. Bob Menendez’s name from its building
- What are the best financial advising companies? Help USA TODAY rank the top U.S. firms
- What you need to know about raspberries – and yes, they're good for you
- Hawaii Gov. Josh Green tells AP a $4 billion settlement for 2023 Maui wildfire could come next week
- Map shows 13 states with listeria cases linked to Boar's Head recall
Recommendation
-
Ryan Reynolds Makes Dream Come True for 9-Year-Old Fan Battling Cancer
-
Rob Lowe teases a 'St. Elmo's Fire' sequel: 'We've met with the studio'
-
2024 Pro Football Hall of Fame Game: Date, time, how to watch Bears vs. Texans
-
Treat Yourself to These Luxury Beauty Products That Are Totally Worth the Splurge
-
Federal judge orders Oakland airport to stop using ‘San Francisco’ in name amid lawsuit
-
How (and why) Nikola Jokic barely missed triple-double history at 2024 Paris Olympics
-
Nursing home inspections across New Mexico find at least one violation in 88% of facilities
-
Detroit man convicted in mass shooting that followed argument over vehicle blocking driveway