Canadian police say suicides might be linked to the Ashley Madison hack. While most potential affected users come from North America, the leaked data suggests hundreds of thousands of Europeans might be implicated too.
In April, eying a flotation of Ashley Madison’s parent company on the London Stock Exchange, its Canadian chief executive boasted about the infidelity site’s increasing appeal in Europe.
“In hard economic times we haven’t just been a recession-proof business, we’ve been a recession-growth business,” Noel Biderman told Newsweek.
According to Biderman, Ashley Madison’s user base was strongest in Spain with 1.3 million Spaniards having signed up within the last five years, followed by Britain with 1.1 million registered users. In Italy, Germany and France, the site claimed to have between 600,000 and 700,000 users each.
Many European users
Biderman’s numbers seem to correspond broadly with the leaked data, Juan Alonso, chief technologist at Spanish IT firm Tecnilogica who produced a popular anonymised global map of Ashley Madison users told DW by email: “Yes, the numbers seem correct.”
A Tecnilogica analysis of the anonymized data found 1.2 million users in the Britain and 1.1 million in Spain. For Italy Tecnilogica came up with 550,000 users, while Germany and France featured with 390,000 and 330,000 respectively.
“Those figures sound feasible to me,” Troy Hunt, an Australian security researcher who developed “Have I been pwned”, a site that tracks major security breaches and allows users to check whether their email account has been compromised, told DW by email.
The Germany-based Hasso-Plattner-Institut (HPI) announced today that it had included the Ashley Madison data containing some 300,000 email accounts ending with de for Germany in its “Identity Leak Checker” tool enabling users to verify whether their data was compromised.
A spokesperson for Germany’s federal police (BKA) told DW that it was currently not involved in Ashley Madison investigation carried out by US and Canadian authorities.
The massive hack has already had global repercussions.
The Pentagon is checking whether members of the US military were using the infidelity service after more than 15,000 email addresses connected with the US government surfaced in the stolen data. Extortionists have reportedly begun targeting Ashley Madison users and similar sites are worried they may be next. And the company itself has been sued for $578m (about €497m) by Canadian users.
The potential damage to Ashley Madison users whose data – including sensitive personal information – has been comprised by the leak is great. On Monday, police in Canada said the leak had triggered extortion crimes and may have led to suicides.
“As of this morning we have two unconfirmed reports of suicides associated with the leak of Ashley Madison customer profiles,” Toronto police Staff Superintendent Bryce Evans told reporters.
But a big question is how much of the information contained in the leak is accurate and could be exploited by criminals.
“We cannot be sure of how many real profiles are in there, neither how many active users,” said Alonso.
Validity of the data
Since Ashley Madison did not normally verify its users email accounts, many of them could be fake. The same could be true for other data provided by users such as birthdates. As the “Washington Post” reported, more than 36 million different birthdates were registered with the site. “And if everyone is telling the truth, one out of every 12 Ashley Madison members was born on New Year’s Day.”
What’s more, an Internet security expert told the “Daily Telegraph” that some online dating firms “are known to known to artificially boost the number of profiles they have in order to make them more attractive” by culling information from other sites and adding it to their own.
Making matters worse for the site’s users, the stolen information is also not relegated to the so-called Dark Web or darknet, which is not accessible via regular search engines, anymore. Instead, “it’s actually very easily downloadable from anywhere,” said Hunt, the Australian security specialist.
Asked what affected Ashley Madison users should now do, he offered this bleak assessment:
“Identity protection and discussion with partners is about all individuals can do. The data is now public and will forever remain that way – it cannot be removed from the web.”