Here's what Ashley Madison members have told me.My apologies for not being able to respond to you personally, I'm addressing questions of this nature via a Q&A you can find here: http://www.troyhunt.com/2015/08/ashley-madison-data-breach-q.html
Lack of support from Avid Life Media
This is one of the things that struck me most about the entire incident—the very poor communication from Avid Life. At the time of writing, there has been no direct communication with members that I'm aware of, no notification on the front page of www.ashleymadison.com and in fact the site still talks about "discreet encounters," "trusted security" and "100% discreet service."I tried to reset the password and call them but they aren't answering phones or responding to emails
The way they've handled this incident has been appalling—it's as if they've just stuck their fingers in their ears and sung "lalalalalala." And no, the legal action they've taken behind the scenes to track down the perpetrators and issue DMCA takedown requestions does nothing to actually protect the impacted individuals. By now, we should have seen the usual offer of identity protection, admission of guilt and at least something to try and assist those who are having their lives torn apart by this. Instead there's nothing. Nada."I'm just a guy here with a wife that I really do love, I regret what I did, and I have two beautiful kids that will get sucked into this"
People aren't really concerned about their financial information
Even then, the requests about cards were thrown in with other queries about the data. Perhaps Avid Life made that statement to appease the PCI folks, but certainly card data is the last thing Ashley Madison members are worried about right now.How would I find out if any of my credit card info and/or email addresses have been breached? Thank you.
Lack of tech savvy
My question to you is Ashley Madison has not responded to request for a password change. So does that still get me the notification alert from you?
Now this website [redacted] if someone went to them and wanted to get my information & paid for this service. With having my email address. Could people get my information or would I get a notification from you stating that someone is requesting it?
Tor, BitTorrent and MySQL crash courses
Can I check any of this myself using a Tor browser, which I do not know how to use?
I have downloaded the data but I can't really make any sense of it, or in fact can't even open some of it up as its too large
I can totally understand the desire here but this simply isn't data that's consumable via your average person. Discovering it via Tor or downloading the torrent isn't particularly hard, but actually parsing the files and combing through the personal data spread across multiple tables is no simple task. For your average person, setting out to try and do this poses another risk altogether…I have downloaded the dumps, but I am not very handy so I'm not finding anything relevant at the moment. I own a Mac and I don't know how to open them, apart for using the standard txt editor and searching around.
Falling victim to malware and other online scams
It seems easy to download the complete list from the pirate site. However the associated applications seem very dodgy
"I wanted to know if there's a way I can do a name search."
Requests to search by fields other than email
Is there a way u could search on my name if I gave to you
Will this data dump be eventually searchable by bill zip code?
In some cases, people genuinely didn't know what email address they'd used. In other cases, I'll speculate and say that people were wanting to check up on other individuals which, of course, is precisely why I don't allow a search on HIBP by anything other than a verified email address. Searching by zip code is a perfect example—people don't want to do this to check their own exposure, they want this feature to discover a range of people.I wanted to know if there's a way I can do a name search.
"I do not remember what was on my profile but am desperate to find out."
Data requests
It's been so long I genuinely don't remember if I used a credit card, exchanged messages, what kind of personal information might have been in the profile, etc.
And i don't know if there is any point in asking you but can you tell me what information about me is in the dump?
I do not remember what was on my profile but am desperate to find out.
I am hoping to find out how much of my data is exposed and to prepare for the worst.
I just found out my husband's AM account is part of the hack. I want to know what information he put on the site.
Is there any way you can provide me with the info related to this email? At least then I can delete this email account and move on.
Now I am looking to confirm what I believe to be true so I can do damage control when the inevitable takes place. Some key info I want to find are:
- CC Txns (if any at all and corresponding date)
- Last Login
- Number of Logins
- Sign Up Date/Time*
- Cancellation Date/Time*
This is understandable – people want to assess their exposure – but I always declined not just because I simply couldn't do this for everyone, but because I have absolutely no desire the see personal information of this nature from Ashley Madison and then communicate directly with the impacted individuals about it.Is there no way you can tell me what info about me is on here? I've tried to locate the data and cannot, I need to know how to prepare for this. Thanks
"I just found out my husband's AM account is part of the hack."
Please erase me from the internet
I wonder if you could offer advice for trying to hide it again, take it off, remove it etc. or can this even be done?
Can I please unsubscribe my email so no one else can search me?
Do you know the reasoning why the company has not been successful in removing the material on Pastebin through the Digital Millenium law?
As someone said to me in one of the comments on my blog, trying to remove your data from the web is "like trying to remove pee from a swimming pool". I added the DMCA comment in there as well because this has come up many times in the press. There's a good piece on it in an article that emerged after news of the attack first broke last month (paradoxically, stating that DMCA is the reason the full data hadn't been leaked), do read Parker Higgins' comment about the "fraudulent" use of the act in terms of its' use for removing data breaches. Regardless, a US law will in no way stop the mass distribution of this data, particularly via a decentralized mechanism like torrents.Could you assist in getting [redacted] off the AM dark web list?
Can I please have the dump?
Hi, can I get the bulk data dump for Ashley Madison
It's an easy answer—no. At least you can't have it from me.can I trouble you for the tor page link?
Payment records de-anonymizing members
My main fear is my credit card would be associated with the account at AM.
I used a burner email address but paid once for a full membership. Now it seems my name and address are affiliated with the breach.
My email is private, just for Ashley Madison.
My real concern is, Is there any data which can be used to trace AM to me? For instance, I paid by a personal credit card when I first enrolled. How much trouble am I in?
That last one was from someone who commented on this blog using only a very common first name not linked to a profile but clearly the whole saga got them very worried about their own operational security. Obviously some members were conscious of protecting their identity in terms of hiding their membership, but didn't think through the digital footprints they leave by making online payments. Whilst the payment files don't explicitly reference the identities in the membership database, both store the users' IP addresses, often allowing you to make implicit matches across the two.Please please please delete that comment! It regards if cougarlife was hacked?! I dont know how to delete it… I think i accidentally logged into fb while posting when i thought u could be anonymous
The impact of public search services
What. The. Fuck. I appreciate the curiosity that some people may have in terms of searching for other people they may know, but searching for groups of people within an organization and for that organization to be a church is unfathomable enough, but to then call up the spouse and notify them beggars belief.So got a call, from our church leaders yesterday, saying my husband's work email was on [redacted], oh my!
Incomplete data on other search services
In fact I was so intrigued that I investigated it in more detail as the last thing I want is any inaccuracies in the HIBP data. What I found was that the two services mentioned in the above messages did not include some email addresses from the payment history files. This is alarming as it may be creating a false sense of security for impacted individuals and it just goes to show the responsibility those of us standing up services like this take on board.Why does my email address--[redacted]--appear on yours but doesn't appear on three others, like [redacted] and [redacted]?
Closed email accounts and erasing the evidence
I used an alternate email address and have since canceled it out of sheer fear. How can i find out what, god help, if any of my info was leaked.
I had an email account [redacted] that I deleted in panic when the AM leak came out. I can see on other sites that it is included in the breach, but now that you've added the filter I can't see it on HIBP.
There was simply nothing I could do in these cases. Of course they could always search on another service which didn't require verification that they could access the email account, but certainly HIBP wasn't going to be able to help them out. The obvious problem here is that for all intents and purposes, "I don't have access to my old email account" is the same thing as "I don't have access to someone else's email account."This account was closed when the business was closed down early last year as it went through a third company that supplied our web site at this time.
Is there any way i can find out where the breach occurred ???
"Last night my wife asked me if I was one of the people that was using Ashley Madison."
Accidental members
I actually never signed up for this website which has lead me to believe that I have been victim of a scam. I have had numerous warnings of viruses on my computer. Perhaps this has something to do with it?
People like me are on the list despite NOT signing up on the website, because the website did NOT verify email addresses and someone gave mine as a supposedly fake address.
However, people seem to sign up for things all the time with my email address and I usually ignore it or do a quick password change on them so they have to move on.
Of course these messages may also be ploys to convince their significant other that their presence on Ashley Madison was indeed none of their doing. The additional data attributes in the breach would tell the full story, which may also explain why I got so many data requests.Last night my wife asked me if I was one of the people that was using Ashley Madison. I haven't used the service but I know she's going to obsess about this so I did a search on a couple of sites where you could search email addresses for users. MY email address, this one, had a hit which is really perplexing to me since I've NOT used the service. Could someone have used my email address?
Suspicious wives
I wanted to know if you can search my husband's name/info for the Ashley Madison hack. I have found the AM site shown 2 times on his IPad history & a MILF hook up site when I looked at the history He claims they were "pop-ups" from porn sites.
There's a lot of speculation about what the actual split between men and women on the site was (although I've not seen much on sexuality so am working on the assumption of predominantly heterosexual relationships), much of it relating to fake female accounts possibly created by Ashley Madison or accounts created by sex industry professionals to lure men into paying for services. It's all very conceivable and whilst we'll never know the actual numbers, I can say with great confidence that AM is very heavily male biased.That said, I have 20 years of my life invested with my husband & my gut tells me he is lying about it being on the Ipad & there are other things that lead me to believe he was a "member."
"Innocent" members
Whilst Ashley Madison may not represent the same moral high ground as other dating websites, there is a world of difference between someone in a committed relationship seeking out an affair and a single individual looking for a partner.HELP! I signed up for AM one night bit I'm actually single. I used my real email but fake info the rest of the process.
Alternate purposes for membership
As a divorce attorney who often searched AM for my clients (and found a couple of cheaters there), I think it should be addressed that there are most likely women who merely joined AM as guests without paying or ever actually engaging- for the sole purpose of attempting to catch a cheating spouse.
You can't help but feel doubly sorry for these women; not only were they dealing with their husband having an affair, now they're also implicated as members of Ashley Madison themselves. It's a terrible situation to find themselves in and again, a poignant reminder that an email address on the site does not mean the individual intended to cheat on their partner.I joined this site for 2 days about a year and half ago after my husband had an affair. I was having significant trust issues and joined ONLY to see if he was on the site.
Incorrect conclusions
This was actually for Adobe, the same breach I had three different accounts in!Look dude, my wife want a divorce now since my email shows 'owned' when she put it in. Can you explain to her it's not for the Ashley Madison hack its checking the all pwned sites
Membership was from a different phase of life
Was a guest briefly some time ago. Different circumstances. Wanted to check now as life has changed and be sure.
I don't recall ever even visiting the site, but it's possible in some moment of general curiosity to see if people actually did that sort of thing.
Several years ago, when I was single (and recovering from a very bad breakup), I took out a profile on Ashley Madison
Not really worried as these are all old accounts from my single days but just curious as to what's floating around on the web.
I am single and not married, so this leak would make small harm, but it's a scary reminder of the perils of this new world we live in.
I was an AM member back when I was single and although technically shouldn't be concerned, my partner now is not one to take my word for it and will force me to sign up for notifications/verify my email and check my email.
It was never really serious…
I know you're not judgmental, but I'd be remissed if I didn't state that I never actually met anyone—it was more of a game to see how i could get responses.
Never did anything but look around and deleted in like 2010. Really sad and scary.
Long story but was not cheating at all but had a profile created and then paid to have it deleted with their pay to delete function.
I joined Ashley Madison one night bored, honestly. Used my real email , but fake info from there on and never used a CC or got a real membership. Spent 15 mins and have never been back
I've been caught up in it, my own story a drunken evening, curious about the site, signed up, thought, OMG this is not a good thing to do, got out of the site, never touched it again
"No question I made a terrible, terrible mistake and pray to god this doesn't come out and ruin my family."
Remorse
No question I made a terrible, terrible mistake and pray to god this doesn't come out and ruin my family.
I am not married but Ashley Madison was/is a mistake I made and wonder how much risk I am at being publically [sic] embarrassed and more importantly embarrassing my Parents and Siblings.
I feel pretty sick and foolish - I've done nothing other than a few two sentence chats but I still don't want to have to deal with this.
Last night was the worst night of my life. Found out my AM account had been breached.
I regret having signed up to the site and now terrified about hurting those around me, especially the one I love.
I am absolutely sick. I can't sleep or eat and on top of that I am trying to hide that something is wrong from my wife.
My wife found out about it after I had exited the site and we have gone through a long period of working on our relationship. Its been a long and painful journey - but a private one - and we are closer than ever before, and I bitterly regret what I did.
Fear and desperation
I love her very much and don't want to lose her, I am deeply worried that she will leave and greatly impact my life.
I literally cannot sleep and never met anyone but am terrified as what might happen.
I never met anyone on the site, I'm not married, but this has me spinning. I need advice. Please help.
At this point I'm desperate. Worried that something like this could ruin my life/marriage when I was not on that site for anything that I can remember, possibly curiosity/joking with friends, but I can't recall. I've barely slept over the past day due to worry
This while [sic] situation is very confusing and scary.
My stress levels are through the roof, still hoping that by some miracle this will just be forgotten about and no one will want to search me up.
My last resort is asking you if you could PLEASE PLEASE PLEASE help me out and let me know what you have on me.
Sorry, I appreciate that must sound like a completely naive/desperate question, but that's the level I'm playing at.
Admittedly, it was hard to read comments like the last one and not feel resentment. Having that canned response available and merely directing people to the Q&A saved me from having to construct very difficult personal responses to emails like this. But do take the other ones on board too; this is the real world consequence of this event.What would be impossible to explain away - and what I would most feel guilty about - is the very detailed personal intimate information about my wife shared with strangers during my 'erotic' chats.
"Still hoping that by some miracle this will just be forgotten about and no one will want to search me up."
The impact on families
But I'm just a guy here with a wife that I really do love, I regret what I did, and I have two beautiful kids that will get sucked into this too. Its just horrible.
I have couple of 3 year old kids. I can tell you my amount of activity on these site was basically limited to one or two session logins and more of just curiosity on what's there…..And in this case, looks like curiosity could kill the cat.
I read that last one right before going to bed last night and it was difficult to grasp; extramarital affairs tear families apart. You don't need Ashley Madison for that to happen and arguably the guys making these comments deserve to go through some degree of pain, but you can't escape the human tragedy that this data breach has brought to a head. It's hugely distressing not just for the members who did indeed have affairs, but their families as well.Tell your wife and kids you love them tonight. I shall do the same as I really don't know if I will have many more chances to do so.
Real world consequences
One of the big concerns has always been that someone will take their life as a result. Allegedly, this may have already happened and it's hard to see how it wouldn't happen with such a huge user based impacted by such a significant event on so many lives.adultery is a punishable offense under the U.S. Army's Uniform Code of Military Justice, and while simply having an active account at this website doesn't indicate any wrongdoing, it's possible that as the data become more publicized, some people are in for a lot of headaches.
Impact on professional life
How can this show up in a back ground check for jobs or anything if I have and provide this new email account to the admission boards and employers?
How do I keep it private from clients, customers, relatives etc.
I would like to know as I am very concerned but the whole mess and am a school teacher and really want to know what information they will eventually have access to.
In an era where employers are increasingly focused on building profiles of potential hires, I totally understand the concern. There's a good example of this concern in the public comment thread of my first Ashley Madison post and you can sense the trauma this is causing the woman. That thread also demonstrates that whilst this is never something that should be used against someone seeking employment, the reality is that it will become one more data attribute in the increasingly rich profiles that are built up about individuals. There will surely be those that pass judgement against members regardless of their context on the site, let me give you some examples.And now my email address (which is my actual email address…dumb) is available to anyone who searches it. I am a professional and this could potentially be devastating.
They got what they deserved
JUSTICE for all the good people getting cheating on. Im glad the list has been exposed.. I don't care if other innocent people that weren't cheating were exposed that's the risks you get when signing up for this crap online TOO BAD.
If you ended up using an email address that you've shared with anyone else, you deserve to have your information exploited in such a way.
the fact that 30 million sleazebags had their identifies and details revealed by these hackers fills me with amusement more than horror. The only improved result to my mind would have been a letter addressed to their home addresses with ASHLEY MADISON membership update printed in large letters on the front.
The chickens come home to roost. I'm glad someone is providing some true justice in the world. It sucks to be cheated on and I hope everyone on that site feels like shit and loses someone who truly cared for them.
These are largely from public comments made on posts such as my original one on how I'd handle the data breach. I hope this offers some perspective to those who wish to pass blanket moral judgements on everyone. As much as Ashley Madison's mission statement is centred around the premise of infidelity, this incident is far more complex than just a bunch of cheating spouses.Anyone who signed up to this sick site deserves everything they have coming to them.