Marital Infidelity Site AshleyMadison Hacked, But Claims No One Should Worry Since It DMCA'd All Leaked Copies

from the wait,-what? dept

As you my have heard by now, on Sunday, online security super reporter Brian Krebs revealed that the infamous "dating site for married people who want to cheat on their spouse," AshleyMadison had its systems hacked, with whoever is responsible claiming to have basically everything. Apparently the site (and a few other similar sites run by the company) had 37 million registered users, many of which are probably a bit more worried about their information leaking publicly than they were a couple days ago.

But, no worry, claims the company to a reporter at Wired: it's issued takedowns to everyone who posted the info, so problem solved:
In a followup statement to WIRED from Avid Life Media Monday morning, the company writes that it has used copyright infringement takedown requests to have “all personally identifiable information about our users” deleted from the unnamed websites where it was published.
First off, what? Anyone who actually believes that DMCA takedown notices actually stopped this information from being available is probably also busy shipping the contents of his or her bank accounts to friendly princes-in-need across the Atlantic. Second, what? The company has no "copyright" claim in the information in question in the first place, and issuing a copyright/DMCA takedown doesn't make any sense at all, other than in a sort of desperate "please save us!" attempt to not have the company be completely destroyed by this incredible data breach. While perhaps some sites actually took the information down, there is simply no legitimate reason to use a copyright takedown claim to do so.

Meanwhile, others are pointing out that the site already leaked information about who had accounts if you knew what to look for -- and, somewhat ridiculously had bragged about its security in the past. Back in November of last year, after a bunch of celebrity nude photos leaked on the internet, AshleyMadison had a PR person reach out to me (and others) talking up AshleyMadison's privacy and security features:
Note: "the company takes every measure possible to ensure the safety of their members' information...." Or, maybe not. It also seems worth noting that the hackers are claiming to release this information because the company charged an extra fee to supposedly delete all of your info from its servers... but, according to the hacker, did not do so. And, of course, that might mean that the company is facing fraud charges beyond just having its basic business destroyed. But, no worries, I'm sure the company will look to use copyright law to fix that too...
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cheating, copyright, dmca, hacking, infedility, privacy, takedown
Companies: ashleymadison, avid life media


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    That One Other Not So Random Guy, 20 Jul 2015 @ 1:40pm

    Kind of bolsters the argument for online anonymity. I wonder if General Wesley Clark was a member.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2015 @ 1:42pm

    Removing stolen information via DMCA takedown requests huh? I bet the NSA wishes they'd thought of that one a couple years ago.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2015 @ 1:50pm

      Re:

      They prefer to send in their friends to destroy laptops and drives, or size people electronics as they cross borders.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 20 Jul 2015 @ 1:57pm

        Re: Re:

        But confiscating or destroying people's electronics doesn't have a 100% success rate! Sending DMCA takedown requests does! Just ask Avid Life Media.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2015 @ 2:01pm

    Good to know

    "Back in November of last year, after a bunch of celebrity nude photos leaked on the internet, AshleyMadison had a PR person reach out to me (and others) talking up AshleyMadison's privacy and security features"


    This raises one question (at least in my probably perverted mind): There are celebs on AM? Interesting...I guess I will open an account who lives in Cali. Or maybe we could all scan for celebs on the site... ok now I kind of hope they do not close and the information is made public, for the lulz of course! Set those scanners to senators!

    link to this | view in chronology ]

    • icon
      nasch (profile), 20 Jul 2015 @ 9:36pm

      Re: Good to know

      This raises one question (at least in my probably perverted mind): There are celebs on AM?

      Where did you get that?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2015 @ 2:15pm

    "But, no worries, I'm sure the company will look to use copyright law to fix that too..."

    Or they can find a way to blackmail judges, juries, prosecutors, attorneys, regulators ...

    A site with this kind of intel shouldn't have that much difficulty. The NSA only wishes they had this kind of power ...

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2015 @ 5:08pm

      Re:

      I'm sure intelligence services can see the possibilities available that comparatively unsecured information treasure troves like AshleyMadison present. It's possible they're well ahead of you on this one, and not necessarily just "friendly" domestic services.

      link to this | view in chronology ]

  • icon
    Paul Renault (profile), 20 Jul 2015 @ 2:28pm

    We have a winner, Mike!

    Next Sunday's winner for the funniest comment of the week, goes to ALM CEO Noel Biderman.

    The rest of you can just stop commenting, ...go home. Get to know your family again. Make love to your wife. Write that novel you got kicking around in your head....

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2015 @ 5:46pm

      Re: We have a winner, Mike!

      I don't have children, and I'm not a writer. As to that "make love to my wife" thing, well... I'm hoping those DMCAs actually worked.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2015 @ 6:17pm

      Re: We have a winner, Mike!

      In light of the data shouldn't you have said to make love to your "date"?

      link to this | view in chronology ]

      • icon
        nasch (profile), 20 Jul 2015 @ 9:37pm

        Re: Re: We have a winner, Mike!

        In light of the data shouldn't you have said to make love to your "date"?

        Maybe "make love to your wife before she divorces you".

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Aug 2015 @ 1:12pm

      Re: We have a winner, Mike!

      Instructions unclear. I got to know my wife, kicked my family around and made love to a novel....

      link to this | view in chronology ]

  • identicon
    Made in China, 20 Jul 2015 @ 2:30pm

    OPM database cross referenced to AM database

    Interesting to see if anyone cross references info from various hacks. MMMmmmm....

    link to this | view in chronology ]

  • identicon
    Rex Rollman, 20 Jul 2015 @ 4:34pm

    The DMCA doesn't apply outside the US. What are they going to do if it's published outside of the country?

    link to this | view in chronology ]

  • icon
    aldestrawk (profile), 20 Jul 2015 @ 5:50pm

    Note: "the company takes every measure possible to ensure the safety of their members' information...." Or, maybe not.

    Of course they did! Even the hacker(s) at Impact Team say so in their statement:

    "Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this."

    link to this | view in chronology ]

  • identicon
    Mark Wing, 20 Jul 2015 @ 6:29pm

    I wonder if Donald Trump's profile will become public now: "Billionaire seeks discrete ladies for fun times and hair play. No fatties or Latinas please."

    link to this | view in chronology ]

  • icon
    aldestrawk (profile), 20 Jul 2015 @ 7:13pm

    potential culprits

    1). insider, or former insider, seeking vengeance.
    2). angry, vindictive, cheated upon female with mad h@xor skillz. (that may be sexist, but, according today's AMA by a former Avid Life Media employee, it was only angry females who contacted them or showed up at the, guarded, front door in Toronto.
    3). moralizing religious hacktivist.
    4). opportunistic hacker doing it for the Lulz.

    "Avid Life Media runs Ashley Madison, the internet's #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating."

    The moralizing, as evidenced in their statement (http://pastebin.com/Kty5xBiv), seems inconsistent. Their main goal is shutting down both the Ashley Madison and Established Men websites. However, they also publish the usertable for Swappernet with the rationale that this was the only site with cleartext passwords contained in the database. So, they are going after swingers, but only partially, and leaving the gay folk alone. The Ashley Madison site also requires females to sign up for this to work at all. The male/female ratio is heavily skewed towards males, especially after deleting the constant influx of bogus female accounts meant to drive traffic to webcam girls. However, that still means there are real females on the site looking for a very discreet affair. One would assume they are cheaters also. Yet, their statement contains this sentence:

    "Too bad for those men, they're cheating dirtbags and deserve no such discretion."

    What about the cheating dirtbags who are females? That may point to an angry, vindictive female hacker but I am confused by their strategy. They didn't dump the entire Ashley Madison database. They didn't even just dump only the males on that database. They are releasing the details on one account per day until both the Ashley Madison and Established Men sites are shut down. I would think that releasing the data all at once would effectively shut down those websites without the power trip game/drama. This is the main reason I am leaning towards a vengeful insider as the culprit. Their statement includes stuff that appears to be personal:

    "Well Trevor [ALM's CTO], welcome to your worst fucking nightmare."

    "And it was easy. For a company whose main promise is secrecy, it's like you didn't even try, like you thought you had never pissed anyone off"

    Yet, there is the following statement as well.

    "Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this."

    The tone, and inconsistency, of those two statements reeks of anger and bragging. It certainly does not fit a purely moralizing hacktivist.

    Finally, the name "Impact Team" was probably inspired by the recent "Hacking Team" exploits. I can't help but notice though that the acronym is "IT". If, in fact, a former member of ALM's IT department is seeking revenge than ALM probably already has a good idea who it is. Although, like most companies, they will attempt to keep all details secret while reassuring their paid subscribers that everything will soon be OK.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Jul 2015 @ 8:34pm

      Re: potential culprits

      Thats some nice detective work there.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Jul 2015 @ 2:21am

      Re: potential culprits

      Cheating dirtbags who are females? What about them? Anyone knows you don't criticize women or gays. Nobody's that dumb.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2015 @ 7:17pm

    Can they do that???

    Can you really even copyright subscriber data in the first place???

    link to this | view in chronology ]

  • icon
    Paraquat (profile), 20 Jul 2015 @ 9:23pm

    How was it done?

    I'm just wondering if anybody knows just how the site was hacked. What OS was Ashley Madison running? Which web server?

    link to this | view in chronology ]

    • icon
      Paraquat (profile), 20 Jul 2015 @ 9:30pm

      Re: How was it done?

      OK, I just checked (should have done this before posting). According to Netcraft, ashleymadison.com runs of Linux using nginx as a web server.

      Of course, hacking could have been via security holes in php programming, rather than the OS and server software.

      As someone very sceptical of systemd's security, I also wonder if that could be the source of the breakdown.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Jul 2015 @ 9:53pm

    Security, Zuma style

    The AshleyMadison copyright/DMCA solution is worthy of Jacob Zuma, the South African Prez; a known womanizer (some would say rapist). He famously claimed to have safeguarded himself from a potential HIV-infection from a lover (victim) by taking a shower!

    link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 21 Jul 2015 @ 12:04am

    Is there anything copyright can't do??
    Oh yeah, it sure as hell isn't going to save AM.

    link to this | view in chronology ]

  • icon
    tom (profile), 21 Jul 2015 @ 7:32am

    The DMCA thing sounds like Lawyer 1 asking Lawyer 2 how the company can appear to be in compliance with the Due Process/Due Diligence requirements of basic computer security before they both had to appear in a meeting with board members to discuss the company's action plan.

    When lawsuits get filed against the company over lack of basic data security, I wonder how many Officers of the Court will be ethically required to recuse themselves due to their having accounts?

    link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 21 Jul 2015 @ 12:49pm

    DMCA takedowns are turning, culturally, into a universal data-suppression tool.

    Now people, companies, specifically, are assuming that DMCA takedowns are for any information online that you want suppressed, not just incidents of infringement on content you own, but anything.

    The carpet crawlers heed their callers...

    link to this | view in chronology ]

    • icon
      tqk (profile), 21 Jul 2015 @ 4:05pm

      Re: DMCA takedowns are turning, culturally, into a universal data-suppression tool.

      Yes, and wouldn't this be an excellent case to apply sanctions against false DMCA takedowns? They're abusing the law because it's easy and there's no penalty for doing so.

      link to this | view in chronology ]

  • identicon
    barbara whiteman, 22 Jul 2015 @ 7:17pm

    call 5702908280 if you're looking to get your profile deleted from Ashley-Madison Dating network .

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Jul 2015 @ 7:37am

      Re:

      Interesting - is the number listed some kind of lo-rent swatting effort? Or crappy fear separation of people from their money?

      link to this | view in chronology ]

  • identicon
    zenka10, 21 Oct 2015 @ 1:23pm

    You can poop in one hand and fill the other with trust and you'll see which one weighs more! Truth is ALL men are sneaking pigs. Every women should carry a dough roller in one hand, and install this Android on their pigs phone with the other. There's no longer any reason to "trust", you don't even need to sneak into their phone now'days. Get married, find the truth, get divorced and start living! https://www.youtube.com/watch?v=0PCWYkQHTf8

    link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 21 Oct 2015 @ 1:52pm

      Um... that's an express train to a sucky relationship.

      If you can't trust your man, don't have him as your man. It's easier on the rolling pin, and it means you don't have to betray someone by installing malware on his phone.

      My approach has been to try to find people who know themselves, and are willing to be truthful with me from the beginning, even if it means admitting to uncomfortable tendencies, like needing the D from multiple directions. That is a place from which we can negotiate far more easily than the discovery of a betrayal.

      Part of it is that infidelity is fun in fantasy. That's why we like to write about it in fiction a lot. If that's what is driving your sweetheart to someplace like Ashley Madison, there may be ways to appeal to the fantasy without having to deal with the consequences of reality.

      Of course, if your partner is going to Ashley Madison because you're distrustful and suspicious of him all the time then maybe you weren't compatible from the beginning. Find a guy you can trust.

      More generally: Distrust feels degrading even when it's not personal. When a store clerk requires me to entrust my bags with a clerk while browsing, it creates from entering the store a tense environment where customers are presumed to be potential thieves. It's also why discs that have unskippable anti-piracy adverts are distasteful in that they imply the owner (who probably paid for the media themselves) is a media pirate.

      Don't DRM your love life. If you cannot trust any man, steer clear of men.

      link to this | view in chronology ]

    • icon
      tqk (profile), 24 Oct 2015 @ 8:28am

      Re:

      Truth is ALL men are sneaking pigs.

      Your "all men are pigs" is balanced out by my "all women are crazy." We're even. That's what we've got to work with so go from there.

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.