About a year ago, in July 2015, Ashley Madison was hacked by a group known as The Impact Team. The hackers proceeded to threaten to leak the site’s customer list if AvidLife Media didn’t shut down both Ashley Madison and sister site Established Men, which theoretically connected young “sugar baby” women with older, wealthier, “sugar daddy” men. The database was soon released…which was just the tip of the iceberg.
The first, more immediate and obvious concern was that the company’s option to pay to fully delete an account didn’t appear to actually do anything. Exposing the truth behind the “paid deletion” option was soon revealed to be a primary motive in the hack. The second was something that had been suspected but was difficult to prove until Gizmodo’s Annalen Newitz crunched the numbers in the database:
That the vast, vast majority of female accounts didn’t belong to actual human beings, much less actual women. Cross-referencing elements of complaints to the California Attorney General with the site’s source code turned up even more proof. While already bad, it’s worse when you consider that you have to pay extra to send/reply to messages, even if they were sent by Ashley Madison robots.
Strangely, even though the Avid Life Media told Reuters that they didn’t know what exactly the FTC investigation centers on, Ashley Madison’s CEO said otherwise. Rob Segal, the CEO in question, was quoted as saying that the “fembot” allegation is “a part of the ongoing process that we’re going through … it’s with the FTC right now.”
Back in September 2014, Jason Koebler of Motherboard submitted a Freedom of Information Act request for “all complaints from 2015 to the Federal Trade Commission regarding the company Avid Life Media” and promptly got a response, with documents arriving just days later. The complaints run the gamut: Some consumers just alerting the FTC to the hack and all of the personal information that was floating around the internet. Others, however, had more specific issues, like this guy who wanted the FTC to work with foreign governments to use their powers to censor the internet, or else “families [will be] broken up,” “breadwinners potentislly lose their job,” and “tourism will certainly fall.” For example:
This is in regards to the ashley madison data leak. However, like many others I want my personal information to be at least somewhat limited. Theres too many people doxxing & posting links to this data, im confident that the FTC has some ability here. In addition Id imagine that other countries would work with the FTC as if families are broken up & breadwinners potentislly lose their job, tourism will certainly fall. Please tell me thst thungs are being out in place to block such links/sites & something needs to go out to social media sites as FB & Twitter are allowing people to post the lists & from ehstbi [sp?] understand thsts [sic] unlawful.
Of course, there were also less humorous complaints:
- A citizen concerned about users impersonating others for various nefarious reasons after someone signed up for a profile using his/her name, photograph, and contact information.
- One Columbus, Ohio-based complainant implored the FTC to investigate the bot accounts as early as 2011 (props to the FTC for, at least theoretically, producing more than Koebler asked for in the first place).
- The owner of the now-defunct AshleyMadisonSucks.com alleging that Avid Life Media engaged in a harassment campaign against him, a topic that Koebler covered in detail.
There’s also an obvious question that comes to mind reading the FTC response to the FOIA request: Were there really just two complaints about Ashley Madison and its sister sites after the hack and just five in their entire existence?
Even accounting for the users potentially being worried about their privacy (though the FTC redacted all personal information), that sounds awfully low. Thankfully, though, it appears that the FTC has been motivated to act nonetheless, even if they refused to issue a comment to Reuters about the investigation.