FYI.

This story is over 5 years old.

Tech

Coders Are Making It Easy to Look Up Emails from the Ashley Madison Hack

Millions of people’s most intimate secrets are now just a simple search away.

A massive trove of hacked data from online dating site Ashley Madison was posted online Tuesday evening, and there are already myriad websites making some of the data publicly accessible in a more easily searchable form.

One website called ashley.cynic.al, which was purportedly created by the same person behind the Adobe leaked password checker, enables visitors to search for email addresses contained within the dump. Another website, checkashleymadison.com, offers a similar service, but with the added ability to search by phone number, too.

Advertisement

In other words, millions of people's most intimate secrets are now a search away, just as the prophecy foretold.

One of the two creators of checkashleymadison.com reached out to Motherboard on Wednesday morning, and spoke with me via phone about their motivations for creating the site.

According to the person I spoke with, who asked not to be named, the site's creation initially arose from a desire to make the unwieldy, 10GB trove more searchable for those worried that their data, or the data of people they know, might be contained in the hack.

However, "at a certain point it went […] to how fast can we accomplish this technical challenge?" the creator I spoke with said. "It became more of a puzzle than anything else. How fast can we get this up? How many users can we serve?"

The pair purchased the domain around midnight, central time, Wednesday morning, and had the site online by about 3:30 AM. Shortly after noon Eastern time, 1,600 people were actively viewing the site, according to one of its creators, and about 12,000 unique visitors had visited the site during the span of an hour earlier that day.

I asked if they had considered the implications of making an archive of such sensitive data more easily searchable. Troy Hunt, for example, operates a similar service called Have I Been Pwned?, and made the decision to only notify those who had signed up to receive his website's alert, thus limiting who could access information in the dump to only those whose data was contained in the leak.

"Are we helping the victims, or are we helping the spouses of the victims to find out their spouses were cheating on them?" the person I spoke with asked. "Of course, if we make it easy for [the victims], it's also going to make it easy for their spouses."

After a long conversation, the pair decided that "given the availability of the data, and people doing raw, pastebin stuff, it's out there, and we're really not changing the barrier to accessibility all that much," the creator said.

It's worth remembering that the presence of an email account in the Ashley Madison database does not necessarily mean the owner of that address signed up for an account. In response to certain queries, ashley.cynic.al will helpfully tell users that "the email address was not verified by the account owner, so this may not be a genuine account."