back to article The Ashley Madison files – are people really this stupid?

It has been a depressing and enlightening day at El Reg's San Francisco office as we've been churning through the Ashley Madison databases, and a recurrent theme echoing around the room is: "How could people be so stupid?" It's not the cheating per se – let's not get started on the morals of it all – but it's clear that many …

  1. Turtle

    "The Ashley Madison files – are people really this stupid?"

    "The Ashley Madison files – are people really this stupid?"

    Yes.

    1. Anonymous Coward
      Anonymous Coward

      Re: "The Ashley Madison files – are people really this stupid?"

      It looks like their database goes back to 2001 back when people weren't as cognizant of computer security/privacy. Sadly the people doing the real cheating were probably more careful than people just logging into the site once to see girls and quickly going away. What is going to be make this huge was how much they advertised on porn sites. They weren't exactly discreet in that regard. If I had to guess I would say the majority never cheated on anyone using this site.

      1. Turtle

        Re: "The Ashley Madison files – are people really this stupid?"

        "If I had to guess I would say the majority never cheated on anyone using this site."

        Considering that 90 to 95% of the sites users were men, I'd have to figure that very few of the men were successful at all - and if a woman needed to register here, I expect that, unless she was shall we say a professional and this was a way of finding new clients, then she was nothing worth bragging about, either. I feel kinda bad for such.

        I wonder if the site's owners can be sued by people whose names showed up in the database but who never actually registered but rather who were registered by someone else using their name and email. And by people who paid to have their information deleted yet wasn't deleted - they'd seem to have a good case too.

        Also waiting to see if this turns out to be an inside job.

        1. Anonymous Coward
          Anonymous Coward

          Re: "The Ashley Madison files – are people really this stupid?"

          >I wonder if the site's owners can be sued

          Count on it. Probably so many suits HP's legal team for shareholders couldn't keep up. Will go class action and big for sure.

          1. TeeCee Gold badge
            FAIL

            Re: "The Ashley Madison files – are people really this stupid?"

            I just love that attitude.

            Okay, maybe we don't like Ashley Madison. Still, the gleeful "you got hacked / ripped off / fucked, now I get to make some free money out of you in court" thing is just wrong. Smacks of kicking a man while he's down or necrophilia to me.

            Most litigants are worse than those they sue and in this case, we know they're all scumbags before they sue. Why so happy?

            1. asdf

              Re: "The Ashley Madison files – are people really this stupid?"

              Wow TeeCee how did you ever get that gold star? You really believe there is no way this FUBAR can't harm an innocent person's reputation or business?

          2. Tom 7

            Re: "The Ashley Madison files – are people really this stupid?"

            Sue the company? It will go into Chap11 and fritter away any assets.

          3. Annihilator

            Re: "The Ashley Madison files – are people really this stupid?"

            "I wonder if the site's owners can be sued"

            Well there will surely be Data Protection niggles, in the UK at least. Namely that information help be accurate (clearly not the case in the "Tony Blair is signed up" example) but also not be kept longer than necessary - given the, erm, dating website charges you to remove your old details (even if it wasn't you) suggests they're not doing this as a matter of process. Also fake data (signed up, never used) could arguably fall into the latter category.

          4. Anonymous Coward
            Anonymous Coward

            Re: "The Ashley Madison files – are people really this stupid?"

            This is scary. I've found me email address in the list, but I never signed up. Wouldn't ever have dreamed of it.

        2. Ken Hagan Gold badge

          Re: "The Ashley Madison files – are people really this stupid?"

          "I wonder if the site's owners can be sued by people whose names showed up in the database but who never actually registered but rather who were registered by someone else using their name and email."

          If, as claimed, the email addresses were not validated, then there may be no actual evidence that the people concerned had anything to do with the site. Given the notoriously long arm of UK libel law, and given the widespread assumption amongst the general public that "if you're on the list then you're guilty" then I'd be careful about claiming that anyone was on the list.

          1. Dr Dan Holdsworth

            Re: "The Ashley Madison files – are people really this stupid?"

            The notoriously long reach of UK libel law does not extend to the USA, except in special cases. The US congress signed into law an act called the Speech Act in 2010, which makes libel rulings foreign to the US unenforcible in the US if the rulings are deemed to run counter to the US constitution rules on free speech.

            Practically speaking, this means that most UK libel judgements would need to be re-run in the US courts before being considered enforcible over there, which rather takes away the point of libel tourism.

    2. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      Re: "The Ashley Madison files – are people really this stupid?"

      generally only the ones who, until up until now, hold elected office.

    4. Martin

      Re: "The Ashley Madison files – are people really this stupid?"

      "The Ashley Madison files – are people really this stupid?"

      Yes.

      A rare counterexample to Betteridge's Law of Headlines.

    5. Anonymous Coward
      Anonymous Coward

      Re: "The Ashley Madison files – are people really this stupid?"

      The whole charge to delete issue sounds incredibly dubious... And possibly illegal.

      Plus when you do delete, the record isn't removed... Oh no... They blank out a lot of your details, such as the two street fields of your address, but your first and last names remain, as does the GPS info they logged! If that's too hard to tie back to an address, there's always the card transaction logs, which have it all anyway!

      (Yes, I might have been sitting here practising my SQL skills against the tables)...

      Female:Male... 1:10 (assuming all genuine).

      London is only #6 Beaten by New York, Toronto, Sydney and Melbourne...

      Quite a few people from my local town, but I've yet to actually find anyone I know...

    6. GBE

      Re: "<whatever> – are people really this stupid?"

      <whatever> – are people really this stupid?

      The answer is always "yes".

    7. Anonymous Coward
      Anonymous Coward

      'I checked them using info I found on the Internet'

      "...we've done some checking up, and it's likely that some of these work emails are legitimate. Five British police officers using their .police.uk email accounts have details that check out..."

      Of course many (most?) will be as they seem.

      But the details you checked-out using the Internet are details that are on the Internet. At least some of those would be revenge accounts created by someone that got a traffic ticket, looked up the officer's details, and created a fake account. After that they probably started ordering sex toys for delivery to the officer's address. etc. etc.

      I'm not too concerned about the wannabe adulterers, but I feel sorry or those few innocents who have had fake accounts created using their details.

      Rare, but tragic in those few cases.

      Witch hunters beware.

  2. Charles Manning

    Are reg writers really that naive?

    Yes people really are that stupid.

    And these are the reasonably intelligent people who can figure out that you're supposed to type on a keyboard and not lick it.

    1. Alister

      Re: Are reg writers really that naive?

      Reg writers also seem to assume that one can only use your .gov.uk address to sign up from a work computer... when it's much more likely that whoever signed up from home, but using their work email address.

  3. P. Lee
    Holmes

    >>After spending the day reading through this database I wonder how many lives are going to be ruined by this hack.

    Er, no. The hack ruined no-one's life. Signing up to the site is what causes damage.

    1. Vladimir Plouzhnikov

      You know, your pseudo moralistic quip reminds me of the good folks from ISIS...

      "Don't blame us for cutting off that bloke's head - wouldn't have happen if he wasn't an infidel in the first place!"

      1. Khaptain Silver badge

        Vlad, I also agree with Peter, anyone that signs up to any of these extra marital affaires Web sites is just asking for trouble. These sites are prime targets, especially when the tabloid press can get their hands on the lists.

        Honestly though, if I was going to cheat my wife I doubt very much that this would be the way that I would do it. Keep private affairs private don't publish them on public websites.

        Publishing your intentions on a site like this is like announcing that your going to commit a crime and then hoping that it remains secret...

        Your infidel analogy was also flawed, I very much doubt that the infidels in question ever agreed beforehand not to be infidels. ie: got married and took an oath about remaining faithfull.

        Unless your set of moral standards is very different..

        1. Anonymous Coward
          Anonymous Coward

          yay for victim blaming :D

          "Your infidel analogy was also flawed, I very much doubt that the infidels in question ever agreed beforehand not to be infidels. ie: got married and took an oath about remaining faithfull."

          - but if they had, you'd be the first in line to chop their little infidel heads off, right?

          1. James O'Shea

            Re: yay for victim blaming :D

            ""Your infidel analogy was also flawed, I very much doubt that the infidels in question ever agreed beforehand not to be infidels. ie: got married and took an oath about remaining faithfull."

            - but if they had, you'd be the first in line to chop their little infidel heads off, right?"

            I'd be first in line to chop _your_ little head off, laddie.

            Of course, first I'd have to find it. That would probably require an electron microscope.

        2. Vladimir Plouzhnikov

          @Khaptain

          I agree that doing something like that is asking for trouble. Also, like you, I don't understand why would anyone do it through a site like that.

          What I disagree with, however - is justifying a questionable act or a crime by attacking the character of the victim.

          It's like saying "I disapprove of the victim's behaviour and therefore I don't consider the perpetrator's action as damaging".

          For example, imagine "victim" = woman; "perpetrator" = rapist... That doesn't sound nice, does it?

    2. PatientOne

      "Signing up to the site is what causes damage."

      Surely that should read 'Being signed up'? Without validating the e-mail address it's hard to prove the person on the list was the one who signed up. Well, unless you bother to verify the rest of the details - but as people are notoriously lazy, how many spouses would bother (blackmaillers and scammers won't bother either).

  4. PleebSmash

    In the long term hacks like this are going to be a fact of life and we're all going to learn more about their friends and neighbors than we really wanted to. How well we handle that will show quite how mature we are as a species.

    good line.

    1. Phil_Evans

      I'd say it already is/has. It's just that a generation has swallowed the idea of putting their thoughts, feelings, bank cards, fetishes, desires, photos, location tracking, purchases, bank accounts and government-related data on their front doorsteps in a box with a rusty lid. How well we handle that will show quite how fundamentally intelligent we are as a species.

  5. herman

    Wow, those 5 % women must be having a roaring business...

    1. Anonymous Coward
      Anonymous Coward

      Women on the Internet

      On the internet all men are men, all women are men and all children are FBI agents.

      So I would not be so sure that even those 5% are women.

      IMHO this gives a very interesting perspective on the potential usefulness and success rate of _ANY_ dating site. Looking at these stats you might as well try to score in the local pub on Fri. You are more likely to be successful.

    2. IglooDude

      Reminds me of the commonly heard line in Alaska, where the ratio of men to women is also tilted: "The odds are good, but the goods are odd."

  6. msknight
    Joke

    " as does one address for a senior member of the British civil service in a position that would make him a ripe target for blackmail."

    So, a pay rise all round at 'El Reg in the coming weeks then :-D

    1. Adam 1

      Sounds like the next few BOFH episodes have just written themselves.

  7. Anonymous Coward
    Anonymous Coward

    Blocking dating sites has too much fallout

    "It seems astonishing that IT departments are letting sites like Ashley Madison through web filters."

    Not really, because of the arms race in blocklists: "My list blocks 1,000 sites; well our list blocks 10,000 sites; hah! our list blocks 100,000 sites". The result is that if you are configuring your web filtering and click on "dating sites" you start blocking The Guardian ("Guardian Solumates") and The Sydney Morning Herald ("RSVP") and so on.

    1. Anonymous Coward
      Anonymous Coward

      Re: Blocking dating sites has too much fallout

      Even if they block them, using their work address doesn't mean they're accessing it at work. They might access it from home, but figure the work account is better protected against a suspicious wife (or have been at the same job for so long they don't even have a personal email account)

    2. Captain DaFt

      Re: Blocking dating sites has too much fallout

      Plus, it's not possible to know about all the sites (and more coming online every week), unless you're the living embodiment of Leisure Suit Larry.

      Until the news of the hack, I'd never heard of the site.

      1. Anonymous Coward
        Anonymous Coward

        Re: Blocking dating sites has too much fallout

        "Until the news of the hack, I'd never heard of the site."

        Now there's someone whose wife reads El Reg!

        1. Captain DaFt

          Re: Blocking dating sites has too much fallout

          Upvoted for the laugh, but no, single.

          Pro tip: You're more likely to score at the supermarket or laundromat than you are at a pub or online.

          You'd be surprised by how many rather good looking women have almost no social life.

          1. Anonymous Coward
            Joke

            Re: Blocking dating sites has too much fallout

            Are you single by choice Cap'n?

            And if so, is that your choice or the ladies' choice!

          2. LucreLout

            Re: Blocking dating sites has too much fallout

            @Captain Daft

            Pro tip: You're more likely to score at the supermarket or laundromat than you are at a pub or online.

            You'd be surprised by how many rather good looking women have almost no social life.

            Sounds to me like you're going to the supermarket or laundromat AFTER going to the pub :)

            1. IsJustabloke
              Thumb Up

              Re: Blocking dating sites has too much fallout

              Ahem... I have to concur with Captain Daft re the supermarket. You can spot the singles easily, and its very easy to then spoof a reason to start a convo...

              er... I imagine... ahem...

        2. 080
          Happy

          Re: Blocking dating sites has too much fallout

          Until the leak I thought Ashley Maddison made wallpaper

    3. Paul Crawford Silver badge

      Re: Blocking dating sites has too much fallout

      Block lists seem a pointless arms race. If you have a work situation that needs protection, why not a white list?

      OK it is some work for a junior admin, but folk can put in requests for sites they NEED to use for work, and then they get added after a cursory check. You could start with the obvious ones related to type of work, wikipedia, few moderately trustworthy news sites, etc, and just see what folk are using and why. While it sounds restrictive, it would kill dead most phising sites and malware C&C servers.

      1. Anonymous Coward
        Anonymous Coward

        Re: Blocking dating sites has too much fallout

        OK it is some work for a junior admin, but folk can put in requests for sites they NEED to use for work, and then they get added after a cursory check

        You could automate this - when people have to add their ID to a site it tends to stop the most obvious abuse - and if people want to do something "outside the wall" it is cheaper to set up isolated and well shielded systems in a cybercafe style than it is to protect internal network segments from idiocy. Of course someone has to walk the new entries on that list every so often, following up on sites that seem out of bounds, but making this a moderately interactive process is better than brute force banning, because that invites attempts at bypassing it.

        After that you can nail the people that still do stupid things.

        1. disgruntled yank

          Re: Blocking dating sites has too much fallout

          Fine, but for the past 10 minutes my location bar has had theregister.co.uk in the domain component. How many images and cookies am I pulling down from outside servers. Some are pretty obvious: HP, EMC, but sometimes The Register serves up media link that suggest that they more than suspect that I'm an idiot. I'm not sure whether it was The Register that did it, but six months ago, I kept getting ads for "One Cheat for Men over 50" and "This New Site is 'Shaking' DC Residents' (pictures of sultry young women). I didn't need to see them, I didn't click on them, and paid little enough mind that I've only just realized that they are gone.

          So while your junior admin is piling through this stuff, people end up with empty boxes on screen?

        2. Anonymous Coward
          Anonymous Coward

          Re: Blocking dating sites has too much fallout

          We block the obvious stuff like adult content, phishing, malware etc. When the users get blocked, they see a block screen in their browser and they can request an unblock from there. The block screen displays the company logo, and the IT Security team evaluate the request.

          Does this stop them requesting access to stupid things? No. On several occasions (for example) we've had employees trying to book prostitutes. Often quite ugly ones. So yes, people really are that stupid.

          1. Midnight

            Re: Blocking dating sites has too much fallout

            "Does this stop them requesting access to stupid things? No. On several occasions (for example) we've had employees trying to book prostitutes. Often quite ugly ones. So yes, people really are that stupid."

            True. People leave their workstations unlocked and go away from their desks all the time around here.

            Usually they only return to find that they just offered to buy drinks for everyone, but your way isn't really that surprising.

    4. LucreLout
      Joke

      Re: Blocking dating sites has too much fallout

      you start blocking The Guardian

      You say that like it's a bad thing!

    5. Charlie Clark Silver badge
      Thumb Up

      Re: Blocking dating sites has too much fallout

      Why the fuck should IT departments be running filters? A sensible "fair use" policy lets people police themselves and be disciplined if they do spend all their time looking at dating / sport / porn / cat animations, because even in Germany it's perfectly legal to track employee internet use if there are grounds for suspicion of abuse of a company resource, ie. like expense fiddling.

      1. Paul Crawford Silver badge

        Re: @Charlie Clark

        "Why the fuck should IT departments be running filters?"

        To reduce the exposure to phising and drive-by attacks, to limit the possibility of data egress from Trojans, etc, going unnoticed, to limit the bandwidth socked up by advertisements, etc. There are a lot of good reasons to filter things for business use.

        As pointed out by the A/C above this could be a largely self-policing activity where users can unblock a web site using an internal web page, were hopefully it shows the real source site and they then enter ID/2nd password to have it added to the white list.

        Also the A/C addressed the personal use aspect by having either the odd PC outside of the company internal LAN, or maybe by offering a 'guest' WiFi without filters for phones, tablets, etc, so folk can do stuff outside of the business without putting the internal network at risk.

      2. Anonymous Coward
        Anonymous Coward

        Re: Blocking dating sites has too much fallout

        Why the fuck should IT departments be running filters?

        1 - Consequential liability if staff looks at something that causes risk to the company: if you could have done something simple to prevent it and didn't, you may end up not being insured for the problem.

        2 - Staff harassment laws: if an employee accidentally clicks on a link in a spam email and gets shunted into a site with dodgy pics they can have grounds for suing you on account of not protecting them properly. Unfair as that may be, if a simple measure like whitelisting can prevent that you'd be silly not to do this.

        3 - the event in (2) can also trigger an infection: hard to execute dodgy scripts on dodgy sites if you don't have access to them. In this context we are now slightly better off then we used to be: Outlook no longer auto-executes crap in an email, so you no longer have the problem that the mere highlighting of a spam message to delete it was enough to execute the malware contained in it. So there is progress of sorts.

  8. keith.nicholas

    Moral Readjustment

    I think what it really shows is that the morals we inherited in the west from our "Christian" roots, while culturally embedded don't actually match these post christian societies where monogamous relationships aren't really what we want. But we still can't quite shake the belief that's what we should have.

    Time to change our culture so people don't feel they have to resort to deceit to get what they really want.

    1. Anonymous Coward
      Anonymous Coward

      Re: Moral Readjustment

      Or perhaps some people never cheated in their life but a decade plus ago as a single college kid gave an email address to hopefully see boobs or some such. Lol at least I was smart enough even back then to usually give fake info because I hated marketers.

      1. Anonymous Coward
        Anonymous Coward

        Re: Moral Readjustment

        "Or perhaps some people never cheated in their life but a decade plus ago as a single college kid gave an email address to hopefully see boobs or some such."

        No-one subscribes to Ashley Madison by accident..... If all you wanted was porn this would have been the site that you chose.

        However if your interest was to see some which of your neighbours/work colleagues was having extra marital relations then you will now pay the price for being nosey.....

        Nothing, at least in these kinds of cases, is ever as innocent as most would lead you to believe.

        Moral of the story : keep you nose out of other people's "affaires"..

        1. Anonymous Coward
          Anonymous Coward

          Re: Moral Readjustment

          >No-one subscribes to Ashley Madison by accident..... If all you wanted was porn this would have been the site that you chose.

          Pretty sure at one time it didn't require a credit card and it started life a mildly dodgy hookup site and only pushed the infidelity only angle five or so years ago. After doing some checking though it looks like the one email address of mine on there was connected to valid data that had nothing to do with me. Pretty sure my email address got harvested (ancient one I used to sign up for everything in early days of net so no surprise) somewhere (some spam list or such or maybe even randomly entered (not that rare of handle). The edge to knowing you are innocent is things like this are a bother but not worth losing sleep over.

    2. Phil_Evans

      Re: Moral Readjustment

      "Time to change our culture so people don't feel they have to resort to deceit to get what they really want."

      Good luck with that :-)

      1. Khaptain Silver badge

        Re: Moral Readjustment

        "Time to change our culture so people don't feel they have to resort to deceit to get what they really want."

        @Keith : How on earth do you imagine that that is even remotely possible.

        Today's culture, at least as the media portrays it, is based upon, "I want it all and I want it now", "I deserve everything", "I have the right to everything".."me, me , me ,me ".

  9. Chris 244
    Trollface

    What is this HTTPS I keep reading about

    "Don't trust your data to a non-HTTPS lookup site"

    (Cough)

    1. Anonymous Coward
      Anonymous Coward

      Re: What is this HTTPS I keep reading about

      Yes, I mean could you ever imagine logging on to a website using a username and password, which allows you to make anonymous comments which might even be critical to your current (or future employer's practises) that doesn't use HTTPS?

      Now it is extremely expensive and difficult to put a secure certificate on a website, probably beyond all but the most super-duper-elite-tech webmasters or sysadmins, however if a site is large enough with a big enough number of visitors then you would hope that they would hope they would spend the countless minutes required adding that basic level of login security to their site?

      1. This post has been deleted by its author

        1. Anonymous Coward
          Anonymous Coward

          Re: What is this HTTPS I keep reading about

          You'd think an IT news outlet would want to show off its competence in these easy things.

          If enough people demand something, they pointedly don't get it.

          Contrariwise!

          1. Triggerfish

            Re: What is this HTTPS I keep reading about

            Yes but be serious you would only really expect to see that sort of effort put in by a tech site, you know one that talks about security issues and stuff. You can't expect a site that doesn't understand and report on things like that to understand the needs for HTTPS.

            1. James O'Shea

              Re: What is this HTTPS I keep reading about

              I use a throwaway email address (from gmail, easy to get another if I want) and a throwaway password. I couldn't care less if some gormless twit hacked El Reg, I don't use this email address for anything even remotely important. Furthermore, anyone who knows me also knows that I don't use this address for anything important, and, more important, knows the email addresses I use for important stuff.

              I am seriously considering getting a domain and setting up my own email servers and simply generating as many throwaway addresses as I want to, as often as I want to, and in any way that I want to.

  10. LaeMing
    Coffee/keyboard

    how mature we are as a species

    You owe me one new keyboard (a Bat Chordable one).

    While there are certainly individuals of maturity (and even intelligence and integrity) in the population, taken as a species.... There is a reason if there is intelligent life out there it isn't contacting us, even if it knows we are here.

    1. Anonymous Coward
      Anonymous Coward

      Re: how mature we are as a species

      > how mature we are as a species

      Iraq 2003, next question.

    2. Anonymous Coward
      Anonymous Coward

      Re: how mature we are as a species

      There is a reason if there is intelligent life out there it isn't contacting us, even if it knows we are here.

      It's probably the best evidence that life "out there" IS really intelligent :)

      Having said that, my son casually wandered in this morning holding a piece of paper declaring the results of his GCSEs as 10 x A* and 1 x A. I'm still busy trying to get my jaw back in place.

      1. Anonymous Coward
        Joke

        Re: how mature we are as a species

        > Having said that, my son casually wandered in this morning holding a piece of paper declaring the results of his GCSEs as 10 x A* and 1 x A. I'm still busy trying to get my jaw back in place.

        Was Ashley Madison even running 16 years and 9 months ago?

  11. From the States

    Framed?

    Any chance that those addresses belonging to regular blokes were really frame jobs done by someone else?

    1. Ken Hagan Gold badge

      Re: Framed?

      The numbers would certainly suggest so, unless you reckon that a sizable portion of the male population is sexually desparate. Also, since it appears that AM were charging a monthly fee to even be on the list, they must have been raking it in if these were regular customers, so one suspects that most of the addys were defunct -- and quite possibly always had been.

      1. Khaptain Silver badge

        Re: Framed?

        "The numbers would certainly suggest so, unless you reckon that a sizable portion of the male population is sexually desparate"

        35 Million accounts would relate to a lot of people making a lot of jokes with their friends email accounts, somehow I doubt it.

        From what I glanced over in the DB, the age groups were definalty that of middle aged men, which would appear to correlate with the group most likely to use these kinds of services.

        On top of that how many "jokers" would also accept to the pay the bills by credit card....

        I imagine that in reality there were a lot of fake accounts, probably generated by AM themselves in order to build up the stats. 35 Million**** definately does not sound realistic though as it would require about 60% of all middle aged North American to signing up... I had never even heard of AM before the scandals started.

        ****Matchbook maths : North America = approx 350million people = 175million men = slightly less than 2/7 of which in the 40 to 60 year old group = 50 million men...

    2. Craig 2

      Re: Framed?

      "Any chance that those addresses belonging to regular blokes were really frame jobs done by someone else?"

      That would be my excuse when faced with a spouse's accusations :)

      "That Dave from marketing is a real joker..."

  12. Nick Kew

    Uh-oh

    Are you telling us all to anticipate a wave of spam concerning our ashley madison details?

    (For the record I never had PPI either, nor an accident to claim for. Doesn't stop the spammers).

  13. cantankerous swineherd

    istr AM had a nice little racket charging 15gbp to delete the mug punters details?

  14. Mark 85

    I'm waiting for the reasons/excuses to start

    Police: "Oh.. we were checking the online activity of a suspect".

    Government official: "I was researching this for some upcoming legislation."

    C-Suit type: "I was exploring the potential for market share and returing shareholder value".

    Fast thinking guy down the street: "I was looking to see if XXXXX is really the sleaze we think he is."

    Joe.... "I was horny?"

    As entertaining as it might be to read who's been brought out. and I'm sure the press will do it, it'll be damn sad when someone was signed up either as a practical joke or by some old enemy hoping to fill their email box. I've worked with few practical jokers like that... and made a few enemies along the way who would.

  15. chivo243 Silver badge
    Facepalm

    Just like Fight Club

    Rule 1. Always use a "throw away" account - ie yahoo or gmail.

    Rule 2. See rule 1.

    1. Ken Hagan Gold badge

      Re: Just like Fight Club

      Yes, which is why you can toss anything from gmail or yahoo (that isn't a white-listed friend) straight into the spam bucket. It always amazes me that anyone is willing to use such tarnished brands as their online persona.

      1. Anonymous Coward
        Anonymous Coward

        Re: Just like Fight Club

        Most paid email services now allow you a few aliases that you can delete when done with.

        Just saying.

    2. Anonymous Coward
      Anonymous Coward

      Re: Just like Fight Club

      Rule 3: use disposable means of payment. There is no simpler way to track identity than through payment mechanisms, and there nothing less protected from unwarranted (pardon the pun) access by law enforcement.

  16. Anonymous Coward
    Anonymous Coward

    Stupidity statistic alert

    Half the population if of below average intelligence...

    1. Khaptain Silver badge

      Re: Stupidity statistic alert

      "Half the population if of below average intelligence..." and they are easy to spot due to their poor grammar!

      1. Anonymous Coward
        Anonymous Coward

        Re: Stupidity statistic alert

        "Half the population if of below average intelligence..." and they are easy to spot due to their poor grammar!

        I think you mean spelling.

    2. Hawkeye Pierce
      FAIL

      Re: Stupidity statistic alert

      >> Half the population if of below average intelligence...

      Actually that's not necessarily the case. Half the population is of below the MEDIAN intelligence. But for example, the vast majority of humans have more than the average number of legs (for humans).

      1. Richard Tobin

        Re: Stupidity statistic alert

        "Average intelligence" is meaningless without specifying a scale. The usual scale, IQ, is defined to have a normal distribution, so the mean is equal to the median.

      2. Nick Kew

        @Hawkeye Pierce Re: Stupidity statistic alert

        Careful with your number of legs, lest you get eaten by a sphinx.

    3. Anonymous Coward
      Anonymous Coward

      Re: Stupidity statistic alert

      Thank you for that demonstration of which camp you fall into.

  17. Anonymous Coward
    Anonymous Coward

    Hunt's reputation as a security specialist..

    .. may not be under threat (I like what he's done), but he either also has a black sense of humour or he missed the subtext in what he wrote:

    The second thing was the assumption that leaked data could be removed. Of course it can be in some jurisdictions, but this would be no more than sticking the proverbial finger in the dyke

    :)

    1. Anonymous Coward
      Anonymous Coward

      Re: Hunt's reputation as a security specialist..

      Are you still at school?

      How well we handle that will show quite how mature we are as a species

      1. Anonymous Coward
        Anonymous Coward

        Re: Hunt's reputation as a security specialist..

        Are you still at school?

        No, but I read photographically and I have a dark sense of humour (IT professional survival attribute) so this sort of stuff immediately stands out to me. I prefer to first make people laugh before I talk about serious stuff, in my experience that gets you much more receptive audience than when you come in proclaiming imminent doom.

        It's all about effectiveness and knowing how to handle people.

  18. Anonymous Coward
    Anonymous Coward

    Lets look at this

    from a "user" point of view.

    1: its a torrent and a big one. Needs someone who knows what that is and how to download a torrent.

    2: the file is packed, needs someone who knows what that means and how to unpack it.

    3. the file has .dump extensions. No file association, no opening the file unless you know what to do.

    4. plausible deniability. No email checks performed so COULD be anyone. Tony Blairs email addy in there? As much as I'd like to see the swarmy grinning war mongering bastard hung out to dry for this, I doubt its him.

    Hack aside, your average user wont have a clue how to access the data.

    1. Anonymous Coward
      Anonymous Coward

      Re: Lets look at this

      But a website will soon have a fully searchable database to retrieve the details, nicely formatted and simple to use.

      1. Dr Dan Holdsworth

        Re: Lets look at this

        Several other websites will *claim* to have accurate dumps of the data, and will *claim* to check the email address you type in to see whether this is in the stolen data.

        Note that I said *claim*?

        What the websites will actually do is record all the emails input into them, and occasionally, randomly, return one as being in the stolen data. The list of new, mostly known-working email addresses will then be sold on to spammers selling new dating web sites (seeing as these people have helpfully self-selected as being a) stupid, b) interested in dating websites, c) stupid enough to give out working email addresses to untrusted websites, d) really, incredibly stupid and of course d) stupid.

        There's nothing like working with a known-stupid, known-horny crowd when you want to sell something. Stick a pair of tits on it, and these geezers will buy it, regardless of what it might be.

        This business model is after all what Ashley Madison were all about: flash tits at thick, sexually frustrated male audience, wave huge computer-generated list of female members (*ahem*) at said audience, and rake in a membership fee every month. Oh, and hope that the few prostitutes who get past your rigorous checking system (yeah, right) are up to taking on a lot of work.

        1. Havin_it
          Trollface

          Re: Lets look at this

          >d) really, incredibly stupid and of course d) stupid.

          I see what you did there. ;)

    2. Spacedinvader
      Trollface

      Re: Lets look at this

      You've obviously not seen what his wife looks like!

    3. Doctor Syntax Silver badge

      Re: Lets look at this

      "your average user wont[sic] have a clue how to access the data"

      No but, as you may have noticed, some journalists do.

    4. Khaptain Silver badge

      Re: Lets look at this

      1 : 9gb , quite large but only really equates to a couple of HD movies. At the time of writing there are currently 6134 seeds and 5221 leeches. So it's already proving to be popular. Most teenagers are also well versed in torrenting.

      The torrent contains about a dozen files which have gz, 7z + .asc extensions.. The files are named coherently for example CreditCardTransactions.7z..

      It took me around 5mins to get 700mb of that file. ( having selected 4 of the files within to test the download speeds...its about as fast as my line can take)

      2 : Anyone that has 7zip, PeaZip etc on their machine will be able to open the files.

      3 : Agreed that without DB experience .dump will pose an initial problem. Although the number of people using MYSQL is large and it's relatively easy to import the dumps.. Google would allow most "technically minded people to find the details of how to load a dump quite quickly.

      4 : That's not going to worry the spammers/hackers/script kiddies. From the 35 Million names, even a small percentage, let's say 10% would be fine.

      I would agree that the average user won't be able to use these files but it doesn't take very much for them to be useable by someone with a modicum of knowledge.

      What will pose a problem is having the capacity to load a DB with several GBs of data...

      The dumps are just plain ascii dumps, there is no encryption and even Windows 10 Wordpad is able to open a 2Gb dump file... ( notepad++ failed,,, ggggggrrrrr)

      By the way the torrent holds quite a few other files which are not DB related, floor layouts, Paypal account details etc....

      I wouldn't like to be one of those that actually used this site in the hope of scoring a quick fling... I can only presume that they are currently biting their nails....

      1. Khaptain Silver badge

        Re: Lets look at this

        Just had a quick look through the members details dump, judging by the birth-dates it appears that the majority were middle aged men. 1955 -1977 seems to be a very popular group....

        I only downloaded the smallest dump 700mb as it expands to almost 3Gb.. but it is easy to presume that the bad guys have all the space and server power that they require in order to exploit the data without any problem.....

        Nothing interesting for me other than to see how easy the data can actually be exploited.... delete torrent, delete files, drop DB, now that I have seen what is possible..

        1. Anonymous Coward
          Anonymous Coward

          Re: Lets look at this

          "Just had a quick look through the members details dump, judging by the birth-dates it appears that the majority were middle aged men. 1955 -1977 seems to be a very popular group...."

          One word ...menopause, there are a lot of very frustrated older guys out there with wives who have little or no interest in sex or any kind of physical relationship, this data clearly shows this, men in this group are also in the worst possible position to be able to find a woman (sidling up to even a 30 year old woman in a bar is liable to elicit a "piss off grandad" response), hence ...dodgy websites.

          No great mystery.

      2. fajensen
        Devil

        Re: Lets look at this

        Those sex-starved "Russian / Asian" wives will be all over those email addresses ... Maybe someone will also re-use them for posting to "misc.invest ..." or "alt.sex ..." for maximum spammage?

    5. Anonymous Coward
      Anonymous Coward

      Re: Lets look at this

      "Tony Blairs email addy in there? As much as I'd like to see the swarmy grinning war mongering bastard hung out to dry for this, I doubt its him."

      You're probably right about Blair, but I bet that was the real Elvis listed there.

    6. Anonymous Coward
      Anonymous Coward

      Re: Lets look at this

      As much as I'd like to see the swarmy grinning war mongering bastard hung out to dry for this, I doubt its him

      Oh. I can live with that - as long as the bastard gets it long & hard, the actual path doesn't matter!

    7. IsJustabloke
      Trollface

      Re: Lets look at this

      " Tony Blairs email addy in there? As much as I'd like to see the swarmy grinning war mongering bastard hung out to dry for this, I doubt its him.."

      Really? have you taken a good look at Cherie "Betty Boop" Blair .. wouldn't surprise me in the slightest and there were tabloid stories about difficulties in their marriage last year ;)

  19. Mikel

    It is difficult

    It is difficult to overestimate the acts of stupidity average people are capable of.

  20. AndrueC Silver badge
    Joke

    one address for a senior member of the British civil service in a position that would make him a ripe target for blackmail.

    They have pictures?

  21. Alan J. Wylie

    Troy Hunt's "have i been pwned"[1] site links to pastes on pastebin.

    Let's look at one example[2], and the section "Ashley Madison Dump Vatican Emails"

    Unique domains:

    $ sed 's/.*@\(.*\)/\1/' va.txt | sort -u | wc -l

    99

    And ones with an MX record:

    $ sed 's/.*@\(.*\)/\1/' va.txt | sort -u | while read x; do host -t mx $x > /dev/null && echo $x; done | wc -l

    0

    None!

    $ grep k12.va va.txt | wc -l

    42

    "k12.va.us", however is a domain for primary and secondary schools in the US state of Virginia.

    So - lots of typos or data truncation/corruption in the 1st example I looked at. Certainly no e-mail addresses linked to the Vatican.

    [1] https://haveibeenpwned.com/Pastes/Latest

    [2] http://pastebin.com/wjRvQqcc

  22. Jimboom

    *grabs popcorn*

    I just find the whole thing rather amusing. And yes, I agree that if you signed up to this site then you had already commited the crime. B*tching about getting caught is just being childish. I realize however that without e-mail authentication it does make accurately pointing the finger at someone a bit tenuous at best.

    However, it did make me laugh out loud to hear that Josh Duggar (of 19 and counting ... and other more scandalous fame) had a paid for account for Ashley Madison during the time of his marriage. So not only is he a hypocrite, anti-gay and a child molester but now he is potentially guilty of Adultery too.

    This just gets better and better.

    1. Anonymous Coward
      Anonymous Coward

      Re: *grabs popcorn*

      I realize however that without e-mail authentication it does make accurately pointing the finger at someone a bit tenuous at best.

      OK, so maybe you grasped the idea ..

      However, it did make me laugh out loud to hear that Josh Duggar (of 19 and counting ... and other more scandalous fame) had a paid for account for Ashley Madison during the time of his marriage. So not only is he a hypocrite, anti-gay and a child molester but now he is potentially guilty of Adultery too.

      Ah, alas, no, you didn't. Who says he set that up? Could have been a prankster.

      1. Jimboom

        Re: *grabs popcorn*

        Well it was paid for account. And the address on the card was one owned by his family, which they regularly showed on that poor excuse for a tv show. Ok, perhaps not a smoking gun... but enough to say that it was little more than likely that this was him... plus, given his track record...

  23. Zog The Undeniable

    If you like pina coladas, and getting caught in the rain

    What's really funny is when a dating site matches you with your own wife* and gives you a 90% compatibility rating. We had a very good laugh about that one. It was rather like that Rupert Holmes song.

    *we were already separated at the time, I hasten to add - and no, no-one played away while we were together

  24. Martin Maloney
    Trollface

    Oh, the shame

    Now world+dog is gonna find out that I tried to link up with a dwarf bisexual Carmelite nun foot fetishist!

    If onIy I hadn't been so desperate. I will never live it down.

    1. Tom 7

      Re: Oh, the shame

      Any luck? Do tell!

    2. Havin_it
      IT Angle

      Re: Oh, the shame

      When you say "tried", was the subsequent failure ideological or logistical?

  25. Anonymous Coward
    Anonymous Coward

    umm...

    > ...at El Reg's San Francisco office as we've been churning through the Ashley Madison databases...

    > ...After spending the day reading through this database...

    This is probably a stupid question; but haven't you just admitted to handling stolen goods?

    1. Anonymous Coward
      Anonymous Coward

      Re: umm...

      The bits that were 'downloaded' and paced on their hard drive were created by their own computers. What stolen 'goods' are you talking of?

      They didn't get sent an actual hard drive stolen from AM's server.

    2. I ain't Spartacus Gold badge

      Re: umm...

      Journalists usually get public interest exemptions to various laws. Given that part of their role in society is finding out information they're not supposed to know from peple who aren't supposed to tell them.

      1. Anonymous Coward
        Anonymous Coward

        Re: umm...

        Thanks for the serious answer.

        I was trying to work out what the difference would be to The Reg publishing that they'd be trawling through the database and me grabbing a copy and blogging about it. In my case, I get the impression I'd be opening myself up to all sorts of problems.

  26. Nigel Whitfield.

    A few thoughts come to mind

    Firstly, if you're of the view that says "it wasn't the hack that's causing problems, it was thinking about adultery in the first place", isn't that a bit like saying "it's not outing someone that wrecks their life, it's being gay in the first place" ?

    Judging other people's private lives really doesn't make anyone a better person. Sure, the site could have done things better, but pretending that the damage caused is nothing to do with the hackers? That seems a very narrow view, frankly.

    Secondly, this is the sort of thing that happens when you have lists of people. They get abused. And sooner or later, this is very likely to happen with all those lists of "porn users" that the ISPs are being forced to create by our government.

    Yes, you might argue you're on the list because you simply don't like censorship, or some other reason. But when it's leaked - as it almost certainly will be - the same people who are busy judging anyone whose email address appears on the AM list, regardless of whether it's decades old, or faked, or anything else, will be judging you in just the same way.

    1. Khaptain Silver badge

      Re: A few thoughts come to mind

      @Nigel

      Most cultures are based on shared values. One of the shared values that our society has always held in esteem is that of fidelity. If someone chooses, knowingly, to use an "infidelity" website in the hope of cheating on their spouse then it is very difficult to treat that person as anything other that what they are, infidel and/or untrustworthy.

      Again, I won't become involved in a Pro/Anti gay debate other than to say that for a large percentage of the population, probably in the majority, over 50 years old, it is another of those moral issue which will never be resolved by the media shoving the idea that being gay is acceptable down their throats. Whether you want to or not that issue will not simply disappear. In any event societies acceptance of homosexuality has been on a sinusoidal wave for many thousands of years... What's OK today will be taboo tomorrow.

      Porn is not illegal nor particularly frowned upon, at least not on the left side of the pond. A list of Porn Users would probably equate to a couple of Billion names, ie most adults have at some time looked at some porn..

      Are the hackers too blame, yes and no. Yes, they did hack into a website and take the data , definitely guilty. Were they responsible for people connecting and creating accounts on a extra-conjugal affair website, definitely not. Those that created accounts should have known better than publishing their sexual desires on a "public" website..

      AM et al are not data security firms, they make money from suckering people into believing that they are going to get laid without effort... Those that got/will get bitten are/were playing with a rabid dog, what else did they expect.

      Just my 2cts worth.

      1. strum

        Re: A few thoughts come to mind

        >. One of the shared values that our society has always held in esteem is that of fidelity

        Poppycock. I'm old enough (and it's not that long ago) when blokes with mistresses were thought of as 'a bit of a lad'. True, attitudes towards promiscuous women were much harsher, but don't give us that tripe about the eternal sanctity of marriage vows.

        Neither you, nor anyone else, has any business making moral judgments for other people. That's their business.

        1. Khaptain Silver badge

          Re: A few thoughts come to mind

          @Strum

          Then please define your definition of a society or a culture if is not something that is based upon common values.

          "Poppycock. I'm old enough (and it's not that long ago) when blokes with mistresses were thought of as 'a bit of a lad'."

          From what I remember being called "a bit of a lad" was not something to be proud of, it was generally given to the foolish kind of person.

          If you think that fucking around on your spouse is fine, then great for you, that's your perogative.. If marriage vows mean nothing to you, then fine, again that's your perogative.. Trust does not appear to be very high up on your list of moral values.

          For the record, any moral judgments that I make are made for myself not for others as you stated.

      2. Citizens untied

        Re: A few thoughts come to mind

        Your two cents are worth considerably less than that, as well as anyone who "blames the victim" in this case, along with anyone who believe that lack of marital fidelity is anyone's business but the parties involved.

  27. csmac3144

    "It's not the cheating per se – let's not get started on the morals of it all"

    There's nothing to "get started". Cheating on your partner is morally wrong by definition. It is fundamentally dishonest. It is not the same as, for example, an "open relationship" in which both partners are aware of and OK with external relationships. Some people may consider this latter behaviour to be immoral while many more do not, but *everyone* should acknowledge that cheating is by definition immoral and extremely damaging to everyone involved.

    1. Anonymous Coward
      Anonymous Coward

      There's nothing to "get started". Cheating on your partner is morally wrong by definition. It is fundamentally dishonest. It is not the same as, for example, an "open relationship" in which both partners are aware of and OK with external relationships. Some people may consider this latter behaviour to be immoral while many more do not, but *everyone* should acknowledge that cheating is by definition immoral and extremely damaging to everyone involved.

      .. and it's that exact Bible bashing attitude that makes an artificially created presence at a porn site such a handy tool for blackmail. Well done for declaring yourself part of the problem, you're part of the handy crowd the politicians use to push through laws that are bat shit insane.

      The issue is that a site that uses such a slogan and assists in such activity is criminally negligent not to protect its members list properly. In addition, their blackmail for charging people to have their details erased (even if they didn't place them there themselves) is something I would love to see followed up in one way or the other too, but hey, let's not do that. Let's blame the victims instead.

      1. Anonymous Coward
        Anonymous Coward

        "and it's that exact Bible bashing attitude that makes an artificially created presence at a porn site such a handy tool for blackmail. Well done for declaring yourself part of the problem, you're part of the handy crowd the politicians use to push through laws that are bat shit insane."

        Have a look at the countries which accept polygamy and let us know if you would really like to live there....

        If you "require" multiple partners then please realise that as you get older you will very possibly find yourself on your own around the 45 year old mark, if not sooner. Your colleagues probably won't trust you because they won't want you coming round near their wifes, no-one likes a playboy. Your children, if any, will probably be with someone else because the judge feels as though you are not a stable character and you will ask yourself if it was worth it just for some casual sex...

        Nothing to do with bible bashing or anything else, it's just part of living within a society... You make your choices then live by them.

        You do not have to live by societies values but when you decide to go it on your own, you will quicky feel very much alone. Anarchy is only fine in the books.....

        1. Anonymous Coward
          Anonymous Coward

          Have a look at the countries which accept polygamy and let us know if you would really like to live there....

          The whooshing sound is the point flying over your head. Which part of "artificially created" do you need help with?

          Personally I don't particularly care what people get up to provided they don't affect too many people with it, but I have made it a habit to go with extreme prejudice after people who try to blackmail me because they think I'd pay up to protect my public persona from artificially created outrage. My personal opinion is that Jack Nicholson has it right in that respect. Moralising idiots become easy tools like that, sort of like a botnet of idiots for a a DDoS on someone's life - maybe you ought to watch Monica Lewinsky's TED talk for some enlightenment. Or continue being used, of course, that's probably more comfortable because it involves less thinking.

          Jimmy Carr said it best: offence is not given, it is taken.

    2. Citizens untied

      Are most reg readers 12 years old or less?

      1. Anonymous Coward
        Anonymous Coward

        Are most reg readers 12 years old or less?

        No, best come back when you've grown up.

  28. Tridac

    Gross stupidity and yet another example of how illiterate users and web site owners can be about online security. What's the betting that all the website code was in a scripting language in easily accessable subdirs, easily found even by schoolboy script kiddies using wget or similar.

    Who in their right mind would give all their personal details and card numbers to a dodgy site like that and secondly, did the site really store all that data in a plain text database, rather than encrypted ?. Sorry, but they all deserve what they got...

  29. Anonymous Coward
    Anonymous Coward

    This whole AM affair(!) has brought out moralising tossers in droves.

    My marriage is unhappy; I haven't had a so much as a cuddle for 4 years, yet I don't want to divorce because I run the risk of losing my young child forever (this happens a lot to men who divorce, didn't you know? No, because many moralising prats are still in short trousers.)

    So I've considered many things to make life happier. I even considered AM, but didn't sign up because it seemed like a huge rip-off. But my point is, people's reasons for signing up can be many and varied. But to satisfy judgmental wankers and the 'HA-HA! you suck for giving a website your details' nob-heads, I foresee quite a few suicides by AM punters and their families. Well done, smug, baying netizens.

  30. Anonymous Coward
    Anonymous Coward

    Grow up, seek professional help and leave the self pity behind.

    1. Anonymous Coward
      Anonymous Coward

      "Seek professional advice" is a sensible suggestion that I have been following for 5 years.

      The rest of your sentence is just supercilious abuse from somebody who has no idea what they're talking about.

      1. Anonymous Coward
        Anonymous Coward

        "The rest of your sentence is just supercilious abuse from somebody who has no idea what they're talking about."

        Then re-read what you initially wrote from an objective point of view. On this side of the screen it reads exactly like a lot of self pity.

        * Not had as much as a cuddle.

        * Don't want to lose my kid.

        * Am very unhappy.

        Sorry, but if your are going to annonce your state of affairs on a public forum, then it is also necessary to understand that criticism might follow. If you want I can rewrite your phrases in another manner that does not sound like self pity but that state almost the same state of affairs.

        * The passionate side of our relation has waned in recent years, I would love to soon relive some of those times again.

        * I am currently searching for solution in order to ensure the most positive outcome for my child whom I love dearly.

        * In the school of hard knocks, like most, I have had my fair share but am actively pursing new paths to towards brighter outcomes.

        Now re-read your initial statement and remind me that it is not full of self pity. If you had written in such a manner I would have had no grounds to base my negative observation upon.

        There is always a grain of truth, usually disagreeable, in what others perceive even though it might not be complete. You must know where you stand before you can know where you are going.

        I wish you luck in your continuation.

        1. Citizens untied

          Another one I wish I could enlighten in person.

        2. Anonymous Coward
          Anonymous Coward

          It was factual. There's plenty more to tell (eg being on the receiving end of a lot of DV) but I wanted to keep it brief because the main point was not the reasons for my checking out AM, but the fact that I *had* reasons. When I desire advice I post fully and honestly, but this is not one of those times.

  31. Triggerfish

    You know reading this thread.

    The saying about glass houses really comes to mind.

  32. Gis Bun

    I can see one spouse checking to see if the other spouse was cheating and vice versa.

  33. Mitoo Bobsworth
    Facepalm

    "...charging people $19 to permanently delete their accounts."

    After the fact? Some people really are too stupid to live.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon