Marital Infidelity Site AshleyMadison Hacked, But Claims No One Should Worry Since It DMCA'd All Leaked Copies

from the wait,-what? dept

As you my have heard by now, on Sunday, online security super reporter Brian Krebs revealed that the infamous "dating site for married people who want to cheat on their spouse," AshleyMadison had its systems hacked, with whoever is responsible claiming to have basically everything. Apparently the site (and a few other similar sites run by the company) had 37 million registered users, many of which are probably a bit more worried about their information leaking publicly than they were a couple days ago.

But, no worry, claims the company to a reporter at Wired: it's issued takedowns to everyone who posted the info, so problem solved:
In a followup statement to WIRED from Avid Life Media Monday morning, the company writes that it has used copyright infringement takedown requests to have “all personally identifiable information about our users” deleted from the unnamed websites where it was published.
First off, what? Anyone who actually believes that DMCA takedown notices actually stopped this information from being available is probably also busy shipping the contents of his or her bank accounts to friendly princes-in-need across the Atlantic. Second, what? The company has no "copyright" claim in the information in question in the first place, and issuing a copyright/DMCA takedown doesn't make any sense at all, other than in a sort of desperate "please save us!" attempt to not have the company be completely destroyed by this incredible data breach. While perhaps some sites actually took the information down, there is simply no legitimate reason to use a copyright takedown claim to do so.

Meanwhile, others are pointing out that the site already leaked information about who had accounts if you knew what to look for -- and, somewhat ridiculously had bragged about its security in the past. Back in November of last year, after a bunch of celebrity nude photos leaked on the internet, AshleyMadison had a PR person reach out to me (and others) talking up AshleyMadison's privacy and security features:
Note: "the company takes every measure possible to ensure the safety of their members' information...." Or, maybe not. It also seems worth noting that the hackers are claiming to release this information because the company charged an extra fee to supposedly delete all of your info from its servers... but, according to the hacker, did not do so. And, of course, that might mean that the company is facing fraud charges beyond just having its basic business destroyed. But, no worries, I'm sure the company will look to use copyright law to fix that too...

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    That One Other Not So Random Guy, 20 Jul 2015 @ 1:40pm

    Kind of bolsters the argument for online anonymity. I wonder if General Wesley Clark was a member.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2015 @ 1:42pm

    Removing stolen information via DMCA takedown requests huh? I bet the NSA wishes they'd thought of that one a couple years ago.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2015 @ 1:50pm

      Re:

      They prefer to send in their friends to destroy laptops and drives, or size people electronics as they cross borders.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 20 Jul 2015 @ 1:57pm

        Re: Re:

        But confiscating or destroying people's electronics doesn't have a 100% success rate! Sending DMCA takedown requests does! Just ask Avid Life Media.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2015 @ 2:01pm

    Good to know

    "Back in November of last year, after a bunch of celebrity nude photos leaked on the internet, AshleyMadison had a PR person reach out to me (and others) talking up AshleyMadison's privacy and security features"


    This raises one question (at least in my probably perverted mind): There are celebs on AM? Interesting...I guess I will open an account who lives in Cali. Or maybe we could all scan for celebs on the site... ok now I kind of hope they do not close and the information is made public, for the lulz of course! Set those scanners to senators!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2015 @ 2:15pm

    "But, no worries, I'm sure the company will look to use copyright law to fix that too..."

    Or they can find a way to blackmail judges, juries, prosecutors, attorneys, regulators ...

    A site with this kind of intel shouldn't have that much difficulty. The NSA only wishes they had this kind of power ...

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2015 @ 5:08pm

      Re:

      I'm sure intelligence services can see the possibilities available that comparatively unsecured information treasure troves like AshleyMadison present. It's possible they're well ahead of you on this one, and not necessarily just "friendly" domestic services.

      reply to this | link to this | view in chronology ]

  • icon
    Paul Renault (profile), 20 Jul 2015 @ 2:28pm

    We have a winner, Mike!

    Next Sunday's winner for the funniest comment of the week, goes to ALM CEO Noel Biderman.

    The rest of you can just stop commenting, ...go home. Get to know your family again. Make love to your wife. Write that novel you got kicking around in your head....

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2015 @ 5:46pm

      Re: We have a winner, Mike!

      I don't have children, and I'm not a writer. As to that "make love to my wife" thing, well... I'm hoping those DMCAs actually worked.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2015 @ 6:17pm

      Re: We have a winner, Mike!

      In light of the data shouldn't you have said to make love to your "date"?

      reply to this | link to this | view in chronology ]

      • icon
        nasch (profile), 20 Jul 2015 @ 9:37pm

        Re: Re: We have a winner, Mike!

        In light of the data shouldn't you have said to make love to your "date"?

        Maybe "make love to your wife before she divorces you".

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Aug 2015 @ 1:12pm

      Re: We have a winner, Mike!

      Instructions unclear. I got to know my wife, kicked my family around and made love to a novel....

      reply to this | link to this | view in chronology ]

  • identicon
    Made in China, 20 Jul 2015 @ 2:30pm

    OPM database cross referenced to AM database

    Interesting to see if anyone cross references info from various hacks. MMMmmmm....

    reply to this | link to this | view in chronology ]

  • identicon
    Rex Rollman, 20 Jul 2015 @ 4:34pm

    The DMCA doesn't apply outside the US. What are they going to do if it's published outside of the country?

    reply to this | link to this | view in chronology ]

  • icon
    aldestrawk (profile), 20 Jul 2015 @ 5:50pm

    Note: "the company takes every measure possible to ensure the safety of their members' information...." Or, maybe not.

    Of course they did! Even the hacker(s) at Impact Team say so in their statement:

    "Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this."

    reply to this | link to this | view in chronology ]

  • identicon
    Mark Wing, 20 Jul 2015 @ 6:29pm

    I wonder if Donald Trump's profile will become public now: "Billionaire seeks discrete ladies for fun times and hair play. No fatties or Latinas please."

    reply to this | link to this | view in chronology ]

  • icon
    aldestrawk (profile), 20 Jul 2015 @ 7:13pm

    potential culprits

    1). insider, or former insider, seeking vengeance.
    2). angry, vindictive, cheated upon female with mad h@xor skillz. (that may be sexist, but, according today's AMA by a former Avid Life Media employee, it was only angry females who contacted them or showed up at the, guarded, front door in Toronto.
    3). moralizing religious hacktivist.
    4). opportunistic hacker doing it for the Lulz.

    "Avid Life Media runs Ashley Madison, the internet's #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating."

    The moralizing, as evidenced in their statement (http://pastebin.com/Kty5xBiv), seems inconsistent. Their main goal is shutting down both the Ashley Madison and Established Men websites. However, they also publish the usertable for Swappernet with the rationale that this was the only site with cleartext passwords contained in the database. So, they are going after swingers, but only partially, and leaving the gay folk alone. The Ashley Madison site also requires females to sign up for this to work at all. The male/female ratio is heavily skewed towards males, especially after deleting the constant influx of bogus female accounts meant to drive traffic to webcam girls. However, that still means there are real females on the site looking for a very discreet affair. One would assume they are cheaters also. Yet, their statement contains this sentence:

    "Too bad for those men, they're cheating dirtbags and deserve no such discretion."

    What about the cheating dirtbags who are females? That may point to an angry, vindictive female hacker but I am confused by their strategy. They didn't dump the entire Ashley Madison database. They didn't even just dump only the males on that database. They are releasing the details on one account per day until both the Ashley Madison and Established Men sites are shut down. I would think that releasing the data all at once would effectively shut down those websites without the power trip game/drama. This is the main reason I am leaning towards a vengeful insider as the culprit. Their statement includes stuff that appears to be personal:

    "Well Trevor [ALM's CTO], welcome to your worst fucking nightmare."

    "And it was easy. For a company whose main promise is secrecy, it's like you didn't even try, like you thought you had never pissed anyone off"

    Yet, there is the following statement as well.

    "Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this."

    The tone, and inconsistency, of those two statements reeks of anger and bragging. It certainly does not fit a purely moralizing hacktivist.

    Finally, the name "Impact Team" was probably inspired by the recent "Hacking Team" exploits. I can't help but notice though that the acronym is "IT". If, in fact, a former member of ALM's IT department is seeking revenge than ALM probably already has a good idea who it is. Although, like most companies, they will attempt to keep all details secret while reassuring their paid subscribers that everything will soon be OK.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2015 @ 7:17pm

    Can they do that???

    Can you really even copyright subscriber data in the first place???

    reply to this | link to this | view in chronology ]

  • icon
    Paraquat (profile), 20 Jul 2015 @ 9:23pm

    How was it done?

    I'm just wondering if anybody knows just how the site was hacked. What OS was Ashley Madison running? Which web server?

    reply to this | link to this | view in chronology ]

    • icon
      Paraquat (profile), 20 Jul 2015 @ 9:30pm

      Re: How was it done?

      OK, I just checked (should have done this before posting). According to Netcraft, ashleymadison.com runs of Linux using nginx as a web server.

      Of course, hacking could have been via security holes in php programming, rather than the OS and server software.

      As someone very sceptical of systemd's security, I also wonder if that could be the source of the breakdown.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2015 @ 9:53pm

    Security, Zuma style

    The AshleyMadison copyright/DMCA solution is worthy of Jacob Zuma, the South African Prez; a known womanizer (some would say rapist). He famously claimed to have safeguarded himself from a potential HIV-infection from a lover (victim) by taking a shower!

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 21 Jul 2015 @ 12:04am

    Is there anything copyright can't do??
    Oh yeah, it sure as hell isn't going to save AM.

    reply to this | link to this | view in chronology ]

  • icon
    tom (profile), 21 Jul 2015 @ 7:32am

    The DMCA thing sounds like Lawyer 1 asking Lawyer 2 how the company can appear to be in compliance with the Due Process/Due Diligence requirements of basic computer security before they both had to appear in a meeting with board members to discuss the company's action plan.

    When lawsuits get filed against the company over lack of basic data security, I wonder how many Officers of the Court will be ethically required to recuse themselves due to their having accounts?

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 21 Jul 2015 @ 12:49pm

    DMCA takedowns are turning, culturally, into a universal data-suppression tool.

    Now people, companies, specifically, are assuming that DMCA takedowns are for any information online that you want suppressed, not just incidents of infringement on content you own, but anything.

    The carpet crawlers heed their callers...

    reply to this | link to this | view in chronology ]

    • icon
      tqk (profile), 21 Jul 2015 @ 4:05pm

      Re: DMCA takedowns are turning, culturally, into a universal data-suppression tool.

      Yes, and wouldn't this be an excellent case to apply sanctions against false DMCA takedowns? They're abusing the law because it's easy and there's no penalty for doing so.

      reply to this | link to this | view in chronology ]

  • identicon
    barbara whiteman, 22 Jul 2015 @ 7:17pm

    call 5702908280 if you're looking to get your profile deleted from Ashley-Madison Dating network .

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Jul 2015 @ 7:37am

      Re:

      Interesting - is the number listed some kind of lo-rent swatting effort? Or crappy fear separation of people from their money?

      reply to this | link to this | view in chronology ]

  • identicon
    zenka10, 21 Oct 2015 @ 1:23pm

    You can poop in one hand and fill the other with trust and you'll see which one weighs more! Truth is ALL men are sneaking pigs. Every women should carry a dough roller in one hand, and install this Android on their pigs phone with the other. There's no longer any reason to "trust", you don't even need to sneak into their phone now'days. Get married, find the truth, get divorced and start living! https://www.youtube.com/watch?v=0PCWYkQHTf8

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 21 Oct 2015 @ 1:52pm

      Um... that's an express train to a sucky relationship.

      If you can't trust your man, don't have him as your man. It's easier on the rolling pin, and it means you don't have to betray someone by installing malware on his phone.

      My approach has been to try to find people who know themselves, and are willing to be truthful with me from the beginning, even if it means admitting to uncomfortable tendencies, like needing the D from multiple directions. That is a place from which we can negotiate far more easily than the discovery of a betrayal.

      Part of it is that infidelity is fun in fantasy. That's why we like to write about it in fiction a lot. If that's what is driving your sweetheart to someplace like Ashley Madison, there may be ways to appeal to the fantasy without having to deal with the consequences of reality.

      Of course, if your partner is going to Ashley Madison because you're distrustful and suspicious of him all the time then maybe you weren't compatible from the beginning. Find a guy you can trust.

      More generally: Distrust feels degrading even when it's not personal. When a store clerk requires me to entrust my bags with a clerk while browsing, it creates from entering the store a tense environment where customers are presumed to be potential thieves. It's also why discs that have unskippable anti-piracy adverts are distasteful in that they imply the owner (who probably paid for the media themselves) is a media pirate.

      Don't DRM your love life. If you cannot trust any man, steer clear of men.

      reply to this | link to this | view in chronology ]

    • icon
      tqk (profile), 24 Oct 2015 @ 8:28am

      Re:

      Truth is ALL men are sneaking pigs.

      Your "all men are pigs" is balanced out by my "all women are crazy." We're even. That's what we've got to work with so go from there.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.