Ashley Madison: Leaked accounts fallout deepens

By Chris Baraniuk
Technology reporter

image copyrightAshley Madison
image captionAshley Madison data is currently being scoured by media groups and individuals

Data from the Ashley Madison website breach has flooded on to the web, leaving thousands of people fretting about the potential consequences.

Several big names have supposedly been "outed" by the press after the release of personal information stolen from the dating website, which is aimed at married people. And generally speaking, there is huge potential for damaging people's reputations.

There are questions about how - or whether - Ashley Madison will recover from the incident, which has the potential to be one of the messiest and most legally troublesome data dumps in history.

What are people doing with the data?

There are already some who have tried to tie names and email addresses in the database to real individuals. One particularly widely reported incident concerns two Australian DJs who, while interviewing a concerned listener live on air, revealed to her that details identifying her husband were present in the database. The woman responded in shock, saying: "Are you freaking kidding me?" Shortly afterwards, she hung up.

One of the hosts admitted: "I don't know if we should have done that. That hasn't left me with a good feeling."

It's worth noting that people were able to sign up to Ashley Madison using false names and email address - no email account verification was required. One Scottish National Party (SNP) MP, Michelle Thomson, whose email address was among the millions included in the dump, has said the address was harvested by hackers and that she never contacted the website herself. There are also a number of obviously fake details - including an email address for FBI agent Fox Mulder, a character on TV show, The X-Files.

Who else has been linked to the site as a user?

One allegation hitting the headlines is that anti-divorce activist and US TV personality Josh Duggar had an account, though he has yet to comment on the claim. Further to this, a wide range of public figures and government employees' names and email addresses have been found in the data, but again it's not clear whether this is indicative of actual use of the site. The list includes names of police officers, government officials, members of the military, diplomats and senior politicians. No such individuals have so far publicly admitted using Ashley Madison.

What are the implications of being able to search the data?

Several people have created tools to let users search for email addresses in the data, but it's not always clear how these tools are working, how accurate they are, or whether they are recording such search attempts. Microsoft-accredited security expert Troy Hunt has published a tool to allow people to be notified if their email address is part of the dump, but does not allow people to search through it at will. He has also written a Q&A explaining why he believes doing so would be unfair.

A breach of privacy may have occurred if personal information has been discovered and published, according to Mark Watts, head of data protection at London law firm Bristows. In such cases the victim may decide to sue the perpetrator.

However, searching the data on an individual basis and purely out of curiosity is not likely to be considered illegal. "Simply looking at it itself as an individual shouldn't be a problem," he told the BBC.

Did Ashley Madison users take steps to protect themselves from this?

Besides using fake names and email addresses, some users had in the past paid Ashley Madison to remove their data. Previously, Ashley Madison's chief executive told Ars Technica that data would be deleted "permanently". However, multiple reports have now alleged that data which users paid £15 ($23) to be removed actually remained in the database that has now been made public online.

Avid Life Media, which owns Ashley Madison, did not respond directly to a request for comment on the claim. Mr Watts said users might, in theory, be able to make a claim against the company that there had been a breach of contract. But he said such a move would be complicated, costly, and risk further exposure.

Would the Data Protection Act aid people here?

A question mark exists over whether Ashley Madison was in fact subject to the UK's Data Protection Act. Mr Watts said that for this to be the case, the company would have to have some physical presence, such as an office or server, in the UK.

"If we assume they are somehow subject to [the act], then people have a right to have their data deleted for free. You can't charge for it," he said. "That would potentially be an issue."

What about the legal consequences for married couples?

If someone suspected their spouse of adultery or infidelity, finding identifying details within the Ashley Madison details could be grounds for a divorce case, according to Marilyn Stowe, a prominent British divorce lawyer who spoke to the BBC. Evidence that a husband or wife had used the site could be considered "unreasonable behaviour" she explained.

"Even if you're not able to prove adultery, which is one basis for an immediate divorce, unreasonable behaviour is another one," she said.

Related Topics

More on this story

Related Internet Links

The BBC is not responsible for the content of external sites.