Perhaps you haven’t been following the story, but the marital infidelity website Ashley Madison suffered a security breach in July by a hacktivist group called Impact Team in which all its account records were stolen. At first Ashley Madison’s parent corporation Avid Life Media tried to claim its data remained secure, but it later emerged that Ashley Madison’s client database was completely compromised. For the uninitiated, Ashley Madison hooks up marrieds who want to have affairs, and while most sensible people would think that’s a terrible idea, the site had generated millions of clients. Impact Team demanded the site be shut down or all the user records would be published, and yesterday the group made good on that threat and posted 9.7 gigs of records from as many as 32 million users in 46 countries.
Generally, we’re in favor of digital civil disobedience, but this latest raid seems a bit out of character for the various anonymous hacker collectives. At least until you dig a little deeper. Impact Team’s proclamation says in part, “Keep in mind the site is a scam with thousands of fake female profiles. See Ashley Madison fake profile lawsuit; 90-95% of actual users are male.” Exposing mass fraud seems more in line with the usual hacktivist modus operandi, but there’s more. Approximately 15,000 Ashley Madison accounts carry a .gov or .mil web address. Yes, you read that right—more than 15,000 of the accounts go directly back to U.S. military or government IPs. Some even carry a White House home address.