The Ashley Madison hack, which took place in July, was one of the most high-profile data breaches ever, resulting in 37 million user accounts being spewed across the Internet.
The Avid Life Media-ran website was taken down by the hacking group Impact Team, which then released the account details of users including names, credit card records and email addresses.
For any other business, the data breach would have meant a reputation hit, free credit monitoring would be offered and the company would have faced angry customers for a bit. Perhaps insurance would have picked up some of the breach costs. But Ashley Madison wasn't your average website. Ashley Madison served as a marketplace for people looking to have discreet extramarital affairs and casual relationships.
While you shouldn't immediately judge users for having accounts on Ashley Madison as you don't know their circumstances -- were they drunk and browsing? Single and after a casual fling? On the site with their partner's blessing for whatever reason? -- the site was also, undoubtedly, used by those having affairs behind their partners' backs.
For Ashley Madison users, free credit monitoring wasn't much of a fix. And the fallout continues even though folks' Ashley Madison usage was discovered by bosses, families and partners weeks ago.
Here's one tale about the ongoing Ashley Madison fallout. For one anonymous user, who I'll call Tom in order to protect his identity, the story may have faded from the headlines but it's far from over for him.
Tom reached out to ZDNet after receiving an email from an impact-team.com address blackmailing him as a former Ashley Madison user. Titled "Action required regarding recent security breach," the email said:
"I'm sure by now you have heard about our work on a certain online dating site. And now, we are preparing a letter to be mailed to: (family address). The letter details all of your activities on Ashley Madison, including your profile information, your login history, and credit card transactions."
The email then went on to include records of Tom's Ashley Madison subscription, dates, and money spent. The group demanded that Tom send two Bitcoins in the next 96 hours -- worth roughly $500 at the time of writing -- to a dedicated Bitcoin address to stop the letter being sent.
If Tom complied and bowed to the blackmail, his account information would apparently be removed and would not be available on a "publicly searchable website" the attackers allegedly are going to launch in the coming weeks.
Was the ex-Ashley Madison user tempted to pay up? When asked, Tom said the issue wasn't black and white, commenting:
"Yes, in that I was concerned of blackmail attempts immediately after confirming the data breach. No, in that when I saw the email I recognized it was an attempt to see who was REALLY worried about getting caught. If someone did pay, you're just broadcasting to the blackmailer you've really got something to lose!
In all fairness, I will be watching & checking my home mail more regularly; granted 2 BTC is [hundreds of dollars] and the price of sending a letter is nothing by comparison. I'm still thinking about this and what to do if a letter did come."
Tom has not paid up, and it remains to be seen what the consequences of not capitulating to this blackmail will be.
After all, he was simply "a guy who got caught up in all this."
Tom started using Ashley Madison in 2009, and although he doesn't remember how he stumbled upon the website, he suspects it was a matter of random surfing. After marrying his spouse in his late thirties, the couple tried to conceive and have children -- with no success.
Following fertility medical intervention, Tom's wife discovered she had a number of medical conditions which required a complete hysterectomy.
Further medical complications, a move to a new city for work and an early menopause severely diminished the wife's sex drive. The couple was under intense stress.
While "every once in a while she would reciprocate when I attempted to be intimate," according to Tom, he felt that sex only occurred when his wife realized he was "in the mood" and was "getting frustrated because it had been months since the last time."
However, Tom often felt reluctance on her part and did not feel his wife really wanted to be with him intimately.
"Have you ever been with someone sexually when you just knew that other person really didn't want to be with you but was only doing so because you wanted it?," Tom asked me. "It's very difficult to explain how I was feeling; I think everyone needs to "feel wanted" or feel that someone else wants to "be with them" intimately."
"It's that feeling that projects and confirms the other person's physical love & desire for them [...] back to them; a kind of feedback loop that reconfirms our individual perception of the other person's love," Tom continued.
While the former AM member says he truly loves his wife, he is also a very sexual person -- and the stress of a nearly sexless marriage over several years made him edgy. Arguments erupted over the smallest things, long work commutes added to the pressure and eventually, Tom wondered whether the marriage was going to last at all.
Around the time these doubts surfaced, Tom started looking outside of his relationship to reconnect physically with someone. Subscribing to Ashley Madison, Tom spent a year wading through fake profiles to find a long-term connection in which he could have a casual -- but safe -- sexual relationship.
According to Tom, he was successful in finding matches. As a result, he says he became calmer at home, the sexual frustration evaporated, and his wife was no longer feeling pressured for intimacy.
With a new, relaxed air in the home, Tom and his wife were able to reconnect on an emotional level and they sought therapist assistance to save their relationship.
Nothing changed on the intimacy front, but the marriage had improved on the emotional level and there was once again laughter in the house.
Then Ashley Madison was hacked.
When the data breach hit the news, Tom admitted he was "very nervous" due to an encounter with someone through Ashley Madison who wanted it to go beyond a physical connection and know more about Tom's personal life. He quickly severed the connection but says she became "bitter," and there was the risk that she was going to find out who he was and potentially reveal their relationship.
"Yes, this is always a risk [..] it's whether or not I was willing to accept that risk at that time," Tom admitted.
Now Impact Team has leaked customer data all over the web and search engines are available to scour through the data, Tom says he is worried about his data being online -- but is also angry about the leak and blackmail attempt. He told me:
"Impact Team can justify their actions by saying it was morally right to shut Ashley Madison down because of their business practices....and to some extent I do agree, but at the same time they KNEW this would affect the users.
So why is it OK for them to judge my personal business; who gave them the right to judge the actions of others? Who gave them the right to expose my personal information so that someone other than Impact Team can try to profit from that information?"
Tom canceled his credit card the moment he found out the data breach was real and is now deleting his AM account. However, he is now under "a lot more stress" and his old, edgy pressures have returned with full force as he lives under the shadow of his spouse potentially finding out about his infidelity.
Tom says it is "too early" to say what will happen with his relationship in the future.
In the aftermath of the data leak, some considered the hack the epitome of Karma. However, while Tom was caught in the breach, he does not view things that way, telling me:
"Now we're gloating about that person "getting what WE FEEL they deserved"? So that means we just judged that person and their actions, sentenced them in our head and then felt good about something negative happening to them.
People read or see something on the internet and all of a sudden they think they know: that persons' whole story, that persons' thoughts and that persons' feelings better than they did at that time. Wow, talk about arrogance.
We don't ask the questions to find out the "why", we just sit in our chairs, look at our screens, judge and make assumptions, then pat ourselves in the back by justifying our thoughts with "it was karma.""
No matter the reason, blackmail is an awful experience to go through, and Tom will be far from the last to receive this kind of letter due to the hack. It may be "Karma" in some eyes, but extortion based on the Ashley Madison hack is not only going to impact on former users now, but will likely continue for years to come since the data is online and available for all to see.
Spam and phishing campaigns rely on emotional responses to extort money from victims. Messages may appear to be from your bank account which warn you of unauthorized transactions, an email will beg you to help a terminally ill child or, in this case, you need to pay up or be exposed -- the key is inducing panic to make people act irrationally.
With so much personal data now immortalized online, the users of AM are unlikely ever to be completely free of such attempts at extortion. And it's not just Impact Team which will capitalize on the disastrous data breach.
I asked Tom, knowing what he does now, would he change his past choices? It does not appear so. While Tom says he would advise people considering the same route to be "extremely careful of what you put out on the Internet," he said it is not his place to judge others.
"The only person who had to live with those decisions & actions was me and the person I was connecting with. I'm a grown adult and so is the other person....we both knew what we were doing and why. [..] That's where it stopped, no one else was affected by those decisions, until someone completely unknown decided they needed to be a moral compass for everyone, and that's EXACTLY how they (Impact Team) justified it.
I did what I thought I had to [...] to keep my sanity and meet a physical/psychological need. It did change things..actually changed my marriage for the better...as long as my spouse didn't find out.
We were able to reconnect emotionally once all the sexual frustrations were out of the way. It calmed both of us down. I wasn't pressuring her & she didn't feel pressured to have sex with me. Now, she's totally in control of when we're intimate."
Tom has not told his wife about the affair but is still considering his options. He could continue to conceal his involvement and hope for the best or reveal the skeletons in the closet; either way, he has to live with that decision.
Whether you can read Tom's story and feel a level of justification, judgment or empathy, the case does highlight that the Ashley Madison hack was different.
The cyberattack surpassed the digital realm and caused severe emotional pain and stress to users and their families -- and now the group responsible for this pain appears to be cashing in through Bitcoin-based blackmail demands. No doubt, the blackmail -- and the story of Ashley Madison -- will live on.
It's a high price to pay for those who did not consider the risks when they signed up.