Skip to content
Back to all chronicles
Data Breaches#leak#extortion#social-impact

Ashley Madison: The Affair Site Hacked Into the Open

In 2015 The Impact Team breached affair site Ashley Madison and, after its ultimatum was ignored, leaked 32 million users onto public torrents.

Cyber Chronicle2 min read

In July 2015, the journalist Brian Krebs reported that Ashley Madison — a Canadian website whose business model was facilitating extramarital affairs — had been hacked. A group calling itself The Impact Team had quietly contacted the parent company, Avid Life Media, with a demand: shut down the site, or the data goes public.

The list goes online

Avid Life Media did not shut down. The Impact Team, true to its ultimatum, released the data in two waves in August. Roughly thirty-two million email addresses, hashed passwords, billing details, and intimate user profiles became freely searchable through mirror sites that materialized within hours.

The breach was unusual for two reasons. First, the attackers' stated motive was not financial. They objected to specific business practices — in particular, a paid "full delete" feature that, they alleged, did not actually delete anything. Second, the data itself was extraordinarily sensitive: each row potentially exposed an affair, and in some jurisdictions a crime.

Consequences beyond a server

Several suicides were reported in the weeks after the release, including at least one widely covered case in the United States. Class actions followed. Avid Life Media renamed itself Ruby Corp. and, in a strange and contested afterlife, the site continued to operate.

What the chronicle remembers

Ashley Madison was the first time a major data breach functioned primarily as a moral weapon rather than a commercial event. It forced a wider conversation about platform responsibility for sensitive data, and about the asymmetry between an attacker's twenty-four-hour news cycle and a victim's permanent, searchable embarrassment.

Related chronicles