As the hackers who declared war on the Ashley Madison website for those seeking extramarital affairs continue to release databases with the details of subscribers, millions of users fearfully await the potentially destructive consequences of the exposure.
Many online articles have suggested that readers should check to see if their partners appear in the database files, but someone else has decided to offer help to the subscribers themselves. Prof. Yaniv Erlich, of Columbia University’s Department of Computer Sciences and the New York Genome Center, and his colleague Assaf Gordon, have published a first-aid kit for anyone who surfed the site, to help them with damage control.
“We don’t support the use of such websites, but we are firmly opposed to revealing people’s private information,” Erlich told Haaretz in order to explain his decision to help users of Ashley Madison.
“It’s hard to say how many Israelis have been affected. Israelis wasted almost $1.4 million on the site. I checked the credit cards originating in Israel, the transactions are easily identified because they include the user’s full name and address. All these people are at risk,” Erlich said.
“If there’s even a small chance you used your Ashley Madison password in other websites, even with other email addresses or user names, change the password for these accounts. Ashley Madison passwords will likely be compromised in the future. Also, change the answers to any ‘security questions’ (such as your first school or your mother’s maiden name), the scientists advise. They recommend changing the email address for any sites, such as Facebook, that were used to sign up for Ashley Madison — and if possible to erase that email account entirely. They also recommend changing phone numbers and canceling credit cards that were leaked.
Erlich and Gordon warn that websites that offer a search of the list of emails that were leaked also collect information about the users and their Internet searches, and therefore this is an additional risk, but they suggest to find out if your name and other details have been leaked by checking a search engine that does not collect private information, such as startpage.com.
Among the more interesting pieces of advice, Erlich and Gordon suggest that users “minimize digital exposure: If you used the Ashley Madison email address in other websites or apps (such as Facebook), immediately remove it from your profile. If you don’t have another email account, create one. Posts and messages that contain the Ashley Madison email address should be deleted. The goal is to reduce the chances that future searches for Ashley Madison email addresses (and other Ashley Madison items) will return current information about you,” they write.
They also suggest using a fictitious identity similar to your real one. The subterfuge will probably not confuse your partner or your friends, but is likely to make it difficult for people who don’t know you to link the email address that was leaked with your real identity.
Erlich and Gordon also warn that Ashley Madison users are exposed to additional damage in the near future as a result of the leaking of the databases. “But this is just the start. Ashley Madison users and their families might be at the gateway of privacy hell,” they write on the blog. They claim that soon there is likely to be an app that compares the emails on our list of addresses to the emails in the database, or a Facebook app that will offer to reveal which of our Facebook friends has used the adultery website.
“Hell is when the same company that develops such an app asks Ashley Madison users for a ransom ‘cleaning fee’ to remove their email from the app database,” they write.
“Please also remember that doctors treat everyone, even terrorists and mass murderers. We try to provide help based on our knowledge and experience in the technical aspects of online privacy and not to judge 39 million individuals for their poor decisions.” write the scientists on their blog.
“Even if you have no sympathy for the victims of the Ashley-Madison data-breach — “they deserve to be forever flagged as cheaters”— just extrapolate to the next privacy data breach: Perhaps it will be of users of the OKCupid dating website, or of a closed support group for LGBTQ teens, or the clients of a drug-rehabilitation center ... All of them, and us, deserve privacy.”