They Did It!
Earlier this summer, I blogged on cheating website Ashley Madison promising to provide “100% discreet service” and a group of hackers threatening to reveal the website’s customers if the website was not removed. Well, it was not, and this past week, the group made good on its promise or threat, depending on how one views the issue, to make the stolen database easily available to the general public.
In spite of Ashley Madison’s promise to be “100% discreet” (whatever that means), the fine print used in its contracts also states, “We cannot ensure the security or privacy of information you provide through the Internet.” No contractual promises seen to have been breached if that had been the only promise made. But as Steve Hedley wrote in his comment (see below), some of those inconvenienced by the hack include a number who paid a fee of $19 specifically for a “full delete”. Does US contract law really allow Ashley Madison to take their money and then rely on fine print to justify a complete failure? That is a very good point and indeed does not seem to be the case. It could, of course, be that those who paid for a full delete got it and were _not_ among the ones in the publicized batch, but judging solely from media reports on this account, complaints have been made that the promised “full deletes” were not undertaken, so it seems that at least some that paid _additional_ money to become deleted from the website did not get what they paid for. That’s a breach. Thanks, Steve Hedley, for that comment.
But the matter is more serious and sad than that: the website was/is apparently also used for finding homosexual partners, which is illegal and carries the death penalty in countries such as Iran, Saudi Arabia, and the United Arab Emirates, where two users were listed.
Not surprisingly, this story again shows the importance of internet data security. One would think that after the recent HomeDepot, Target and other database breach episodes, people would have learned, but apparently, this is not the case.