Ashley Madison
A group called The Impact Team gave a Canadian affair site a deadline. When the site refused to shut down, thirty gigabytes of customer data went to BitTorrent.
In July 2015, the journalist Brian Krebs reported that Ashley Madison — a Canadian website whose business model was facilitating extramarital affairs — had been hacked. A group calling itself The Impact Team had quietly contacted the parent company, Avid Life Media, with a demand: shut down the site, or the data goes public.
The list goes online
Avid Life Media did not shut down. The Impact Team, true to its ultimatum, released the data in two waves in August. Roughly thirty-two million email addresses, hashed passwords, billing details, and intimate user profiles became freely searchable through mirror sites that materialized within hours.
The breach was unusual for two reasons. First, the attackers' stated motive was not financial. They objected to specific business practices — in particular, a paid "full delete" feature that, they alleged, did not actually delete anything. Second, the data itself was extraordinarily sensitive: each row potentially exposed an affair, and in some jurisdictions a crime.
Consequences beyond a server
Several suicides were reported in the weeks after the release, including at least one widely covered case in the United States. Class actions followed. Avid Life Media renamed itself Ruby Corp. and, in a strange and contested afterlife, the site continued to operate.
What the chronicle remembers
Ashley Madison was the first time a major data breach functioned primarily as a moral weapon rather than a commercial event. It forced a wider conversation about platform responsibility for sensitive data, and about the asymmetry between an attacker's twenty-four-hour news cycle and a victim's permanent, searchable embarrassment.