the company offers a "total delete" function and charges for it, but doesn't actually do it

Who would have thought a company built around customers cheating would cheat its customers.
posted by a lungful of dragon at 12:04 AM on July 20, 2015 [104 favorites]

Total delete sounds like something developers will make a form for and get around to implementing any day now.
posted by michaelh at 12:06 AM on July 20, 2015 [22 favorites]

I don't understand how you pitch "total delete" as something people should actually have to pay for. That's impressive, actually.
posted by neuromodulator at 12:07 AM on July 20, 2015 [7 favorites]

Wow. Couldn't have happened to a nicer dotscam.

I feel sorry for its users though, when the company in question basically screws their entire membership, and lets their most personal of information leak.
posted by markkraft at 12:16 AM on July 20, 2015 [4 favorites]

I feel sorry for its users though

I don't.
posted by dersins at 12:19 AM on July 20, 2015 [33 favorites]

So, I'm assuming that the reason the company did not actually perform "total deletes" is that they presumably use the information for datamining, selling email lists, etc.? So they make money on the initial transaction(s), again on the "delete" for pay, and then again by (I'm guessing) selling lists of basically "qualified leads." Any other reasons to hang on to that info?
posted by taz at 12:20 AM on July 20, 2015 [1 favorite]

markkraft: "I feel sorry for its users though"

dersins: "I don't."

Not all of Avid Media's users are on Ashley Madison -- they run several other less sleazy dating sites. Reminds me of when Gawker pissed off 4chan and got the passwords for everybody in the network hacked, including mostly unrelated sites like Lifehacker and Deadspin.
posted by Rhaomi at 12:26 AM on July 20, 2015 [6 favorites]

I don't know what claims Ashley Madison makes about its total delete, but I'm thinking about how I'd implement that in systems I've worked on, and it's not simple. Deleting stuff from database backups would be a huge hassle. Logs can also have a fair amount of incriminating info and nobody ever deletes stuff from those.

Even metafilter leaves deleted posts hanging around in the database. It's just easier.
posted by chrchr at 12:26 AM on July 20, 2015 [30 favorites]

Any other reasons to hang on to that info?

Probably the same reason almost nobody does 'total deletes': Many systems aren't designed to be able to do it. All of those cross-references and such. Much easier/cleaner to have a database value "isActive" or similar and just flip that bit to perform a delete-in-effect. (This doesn't excuse their selling being able to do this, but it's a relatively common failure mode)
posted by CrystalDave at 12:26 AM on July 20, 2015 [14 favorites]

They could never do a total delete. If they did, a customer could total delete, then dispute all past Ashley Madison charges with the credit card company, even the charge for total delete, and get all their money back, because Ashley Madison would be left with no transaction history to prove the charges were valid.
posted by w0mbat at 12:38 AM on July 20, 2015 [66 favorites]

Toronto based, eh? I hope someone brings this to the attention of the privacy commissioner of Ontario. Canadian privacy commissioners take privacy pretty seriously, and fraudulently claiming to delete files when in fact you're keeping them for any other purpose seems... Problematic.

I'm no lawyer, but I'm pretty curious as to the possible civil liability this company might face (specifically for customers that paid to have their account deleted).

In related news, popcorn futures are at an all-time high.
posted by el io at 12:40 AM on July 20, 2015 [6 favorites]

The only systems I can think of where deletion of records happens all the time are library databases, but that's because librarians have been at the forefront of information privacy.

Trying to see a bright side to all of this. Maybe somebody gets burned and all of a sudden online privacy becomes super-important? Because doxxing and swatting seem to be OK still.
posted by fifteen schnitzengruben is my limit at 12:41 AM on July 20, 2015 [4 favorites]

w0mbat, if that's the case, then yeah, there could be no such thing as a total delete (and now I'm wondering what the wording of that option actually is/was), but are there other options, such as keeping that information on different (intranet? maybe? I'm ignorant) systems, or some encryption process that could effectively achieve a "good-enough delete"?
posted by taz at 12:46 AM on July 20, 2015 [1 favorite]

Because doxxing and swatting seem to be OK still.

Really? Set aside 'doxxing' (as it has many definitions, but very very few people will defend giving personal information that enables financial fraud), I have yet to meet a person (or see one online) that defends swatting. Even the police, who routinely ignore death/rape threats take swatting pretty super serious.
posted by el io at 12:47 AM on July 20, 2015

I made a police report about harassment and my harassers FOIAed my police report and used it to get personal information about my family to better harass us, like an unlisted phone number and my child's school information and what harassment tactics upset me enough to go to the police. They then used that information to double down and the police proclaimed themselves helpless. If I complained, they were required by law to give the complaints to my harassers. It was so great!
posted by Eyebrows McGee at 12:53 AM on July 20, 2015 [121 favorites]

I've done programming for credit card processing, and still I assumed that when you purchased a "total delete" that they would either do a DELETE FROM on the customer table, or they'd x-out your name. Because, you know, that's what they are claiming they are doing.

It's enough of a pain in the ass to be worth a $20 fee. And while tecnically it might open you up to chargebacks, I'd assume the rate of that would be really low. These are customers who are opting in for additional discretion and secrecy. As a class they are unlikely to want to draw attention to it.

And since you selling services and not goods, actually I would guess that the rate of fraud would actually be pretty low. Who is going to try to use a stolen CC number over the internet to purchase a personal ad?

The technical reasons for their failure to deliver as promised are actually pretty weak. They're just slimeballs, intending to cheat other dishonest people.
posted by cotterpin at 12:55 AM on July 20, 2015 [3 favorites]

Deleting stuff from database backups would be a huge hassle.

Do we know of a business system even capable of doing this? Legal requirements aside - business transactions cannot just disappear - any non-trivial system would have multiple layers of backup, from daily logs to off-site tapes. Backup data is rarely in a format smart enough where you would know what to delete even if you managed to pull all the relevant tapes out of storage - not to mention the madness of having to re-verify everything works every time you delete something.

The ability to regularly remove data in old backups is a huge constraint - you'd have to design the system from the ground up with this in mind.
posted by Dr Dracator at 1:02 AM on July 20, 2015 [4 favorites]

I'm not in favor of marital infidelity, but given that hackers in a situation like this could very well leak info that would have a negative social or financial impact on the innocent spouses as well, I am at least comfortable saying that I don't actually want any information from even Ashley Madison's users leaked publicly. Nobody, ever, deserves to find out about their spouse's infidelity because someone's stolen their debit card and cleaned out the bank account, you know?
posted by Sequence at 1:28 AM on July 20, 2015 [16 favorites]

Besides snippets of account data apparently sampled at random from among some 40 million users across ALM’s trio of properties

40 million accounts, of which 39 million are spambots.
posted by dirigibleman at 1:35 AM on July 20, 2015 [3 favorites]

The ability to regularly remove data in old backups is a huge constraint - you'd have to design the system from the ground up with this in mind.

Yes, I've worked on systems that had to do this kind of thing. The crucial insight is you don't actually delete stuff from the backup, you destroy keys. As a simplified example, one solution is to have per-user encryption keys and make sure that what is on disk in your database, logs, etc. is data that has been encrypted with the specific per-user encryption keys. To securely delete a particular user's data you destroy their per-user encryption key, rendering all of the user's data (whether in the database, logs, or backups) irretrievable. Of course, now you have the problem of reliably and securely storing your keys, but that is a separate issue.
posted by RichardP at 1:42 AM on July 20, 2015 [88 favorites]

An amusing problem from a database design point of view. If you've done things right, then personally identifiable info (user IDs, e-mail addresses, billing info) is kept in one or a few tables, and everything else is foreign keyed to those. (And if you do it right, the foreign keys aren't identifiable, such as the e-mail address.)

So, if you promise is just to remove the personally identifiable info, then you just need to get rid of at most a few records in a few tables. If you promise to remove all the data, then you add triggers to the deletes. (You'll need to anyway if the rest of the stuff is actually on a foreign key.)

Deleting from back-ups is a more ticklish problem, but feasible. You design your back-ups to segregate data by user into separate files. Then you have a script which will delete those particular files. (You have a separate back-up for database schema, of course.) Yes, this is a much larger task then simply using the built-in back-up tools, which take a snapshot of the entire database.

Log files are another kettle of penguins. Typically though these would be IP addresses, date/time and the target of each GET/POST. Again it would be possible to have a script to trim this stuff out, but it might be easier just to turn off logging. If the logs were exposed, you'd be back to tracking down IP addresses.

On preview, RichardP's method ...
posted by oheso at 1:45 AM on July 20, 2015 [8 favorites]

"I feel sorry for its users though
>I don't."

I definitely agree with Sequence, in that marital infidelity revealed -- and financial information, revealed -- can affect spouses, children, etc., but I think there's a bigger issue than this.

First off, it empowers criminals, blackmailers... even possible targets for espionage and corporate spying, in that it gives anonymous people power over very vulnerable adults.

Besides this, though, Ashley Madison and the other sites in question aren't necessarily just for marital infidelity, but also quite applicable for anyone who wants to have a discrete, no-strings sexual relationship with people who have similar, possibly fetish or kink-related, interests. There is no inherent requirement for marriage, but there is an obvious need for discretion.

The simple fact is that everyone has secrets. The idea that we should be happy about tens of thousands of people having theirs outed to predators is ugly.

At heart, this is about a profoundly damaging, wide-scale, non-consensual act, and not about grown adults having consensual sex.
posted by markkraft at 1:53 AM on July 20, 2015 [78 favorites]

So to protest poor behavior handling private info, they released all of the private info of the users of the company
posted by Ray Walston, Luck Dragon at 2:13 AM on July 20, 2015 [8 favorites]

I think the lesson is that if you're interested in privacy or security, what you need to ask the vendor is not "is my information secure?", but rather "How is my information secure?"
posted by cotterpin at 3:12 AM on July 20, 2015 [4 favorites]

Once upon a time I was cheating in love, now I've seen my data leak out.

Nothin' I can do - it's a total delete of the heart.
posted by the quidnunc kid at 3:13 AM on July 20, 2015 [91 favorites]

Do we know of a business system even capable of doing this?

Isn't it required under UK and EU law that anyone holding your personal details stop doing so in a timely manner upon your request? So if there aren't business systems capable of doing this, there's a fuckton of data protection law violation going on...
posted by Dysk at 3:25 AM on July 20, 2015 [3 favorites]

Isn't it required under UK and EU law that anyone holding your personal details stop doing so in a timely manner upon your request? So if there aren't business systems capable of doing this, there's a fuckton of data protection law violation going on...

Yes. There's a fuckton of data protection law violation going on.
posted by jaduncan at 3:32 AM on July 20, 2015 [29 favorites]

So to protest poor behavior handling private info, they released all of the private info of the users of the company

Haha, yeah, sure, "protest". It seems pretty obvious that this was an extortion attempt, in which the bluff has been called.

Wasn't there a big thing a while back in which it was revealed that many of the profiles were fake? Some former employee who had been asking for millions upon millions for her carpal tunnel syndrome, and wouldn't you know it, her carpal tunnel syndrome had been caused by typing up all those fake profiles...wouldn't it be just a shame if we had to go to court over this, she said, and to put all this in the open...

Anyway, fuck Ashley Madison's users, but this is still bad.
posted by Sticherbeast at 3:32 AM on July 20, 2015 [4 favorites]

So if there aren't business systems capable of doing this, there's a fuckton of data protection law violation going on...

As a privacy lawyer, I assure you that there are absolutely metric fucktons of violations going on, in every jurisidiction, by both government and the private sector.
posted by His thoughts were red thoughts at 3:33 AM on July 20, 2015 [18 favorites]

Yes. There's a fuckton of data protection law violation going on.

Well, there's an obvious answer to how we solve Greece's debt problems then, and obviate the need for cuts due to budget shortfalls across the EU then, isn't there? Because the fines for failing to live up to the requirements of data protection law are not small.
posted by Dysk at 3:36 AM on July 20, 2015 [1 favorite]

Because the fines for failing to live up to the requirements of data protection law are not small.

Actually, compared to the profits or costs savings in not doing so, they are. Especially given that regulators are, by and large, under resourced and lack technical staff (although the Canadian privacy regulators are IMO the best in the world, and do have technical staff).

The real risk is a class action suit - that's where the big monetary losses come in.
posted by His thoughts were red thoughts at 3:39 AM on July 20, 2015

Up to half a million pounds here in the UK. Per breach.
posted by Dysk at 3:41 AM on July 20, 2015 [1 favorite]

Security is often a halfterthought.

The rest of the time, it's not thought about at all.
posted by oheso at 3:43 AM on July 20, 2015 [10 favorites]

Up to half a million pounds here in the UK. Per breach.

Sure. And it's up to $1.7 million AUD in Australia. Also per breach, which not the same as per affected individual. That's not enough to cause large companies to worry much. For example, Facebook looks at a possible $1.7 million and sniggers, because their earnings in 2014 exceeded $12 billion USD.
posted by His thoughts were red thoughts at 3:51 AM on July 20, 2015

Also per breach, which not the same as per affected individual.

Pretty sure under UK law at least, every instance of "yes we securely deleted your records as you requested and paid for" where they actually did not is a separate breach.
posted by Dysk at 4:03 AM on July 20, 2015 [1 favorite]

Pretty sure under UK law at least, every instance of "yes we securely deleted your records as you requested and paid for" where they actually did not is a separate breach.

Ah, I see. I thought you were referring to the hack. Yes, you're right.
posted by His thoughts were red thoughts at 4:07 AM on July 20, 2015

Why companies have little incentive to invest in cyber security, via The Conversation.
posted by His thoughts were red thoughts at 4:10 AM on July 20, 2015 [1 favorite]

markkraft: "I feel sorry for its users though"

dersins: "I don't."

What's happening here is shitty, regardless of what people use the site for / what kind of people they are / other sleaze factors. It's just as shitty as if it were a non-profit saving baby seals that got hacked. Because privacy is privacy and it won't help if people mix up the security breach (this one or any other one) with moralizing. You don't have to agree with the idea of people using anonymizer websites to set up booty calls / dates outside the marital bed / whatever, but the problem here is bigger and affects everyone.
posted by chavenet at 4:29 AM on July 20, 2015 [22 favorites]

I've been wondering when something like this was going to happen. After hearing the stories about this site on NPR a few years back, I always figured it would eventually be used as some kind of massive honey-trap or otherwise exploited to embarrass/extort. How could it not be? It's kind of like Silk Road. It just screams "trap."
posted by saulgoodman at 6:07 AM on July 20, 2015 [4 favorites]

There's more than a little schadenfreude being expressed on this thread.

Has anyone actually looked at the terms offered in the "total delete" service? That would give us some context for things.
posted by trif at 6:41 AM on July 20, 2015

Collecting validated big data and then getting yourself hacked for potential blackmail opportunities is a great business plan.

Oddly enough, my SO and I were discussing the "cheating" phenom yesterday.

We aren't going to pileon with the moral smugness, but there is some deep irony here.

Though, if anyone thinks captains of industry use this shitty website, they are dreaming. The only guys that got caught are schlubs.
posted by clvrmnky at 6:41 AM on July 20, 2015 [2 favorites]

markkraft: "I feel sorry for its users though"
dersins: "I don't."

Let he who is without sin share all their personal data.
posted by srboisvert at 6:43 AM on July 20, 2015 [14 favorites]

Has anyone actually looked at the terms offered in the "total delete" service? That would give us some context for things.

Arstechnica covered it pretty well.
posted by peeedro at 6:47 AM on July 20, 2015 [2 favorites]

Avid Life Media, actually. And I think "sleazy" is subjective; their other brands seem to play towards larger age differentials--sugar daddies and cougars.

So it also includes personal info of, most likely, a lot of already-vulnerable sex workers.
posted by NoraReed at 7:09 AM on July 20, 2015 [17 favorites]

"And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

That's about 15% of the adult population of North America? And probably much higher concentration amongst the target demographics. Big deal if this gets leaked.
posted by mantecol at 7:15 AM on July 20, 2015

"And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

Not all of them, I'm sure. Do you like Piña Coladas ?
posted by Pogo_Fuzzybutt at 7:23 AM on July 20, 2015 [3 favorites]

I feel for the users here (more than I would have expected tbh, even before NoraReed's good point above), but the guy who writes the short story about how his marriage fell apart because his information was exposed here and he wasn't even cheating at all and how this is very representative of being a cis het white male in 2015 is very insufferable here in my imagination.
posted by MCMikeNamara at 7:26 AM on July 20, 2015 [2 favorites]

That's about 15% of the adult population of North America?

That can't be right.

Why don't people get laid the old fashioned way anymore, with lots of alcohol and a wide variety of crude entendres
posted by Ray Walston, Luck Dragon at 7:27 AM on July 20, 2015 [1 favorite]

Frankly, I've been skeptical of Ashley Madison's data control since I started getting spam from them fairly frequently. Which is stupid because

a) I'm single, and they pitch it to me like I'm married;
b) I'm a woman, and they pitch it to me like I'm a man; and
c) I've not signed up for any mailing lists in years, so they're working on a very old data table.

None of which inspires confidence.
posted by EmpressCallipygos at 7:39 AM on July 20, 2015 [5 favorites]

There are a LOT of Ashley Madison users who are closeted and using the site for gay affairs. There's a whole bunch of gross shit going on in this leak. I'm not shocked, but it is disappointing how many people are crowing about it all. Especially when the same people were rightly horrified by Gawyer outing Conde Nast's CFO for having a closeted gay affair, just a few days ago. There are millions who will be outed against their will here.
posted by naju at 7:41 AM on July 20, 2015 [9 favorites]

For all the people chortling with schadenfreude about this, I will point this out: Impact Team is also threatening to release the consumer information for all the other AVI users, which includes ManCrunch (a gay men's dating website) Swappernet (swingers), and Big and Beautiful (BBW/BBM/overweight people looking to date).

So even if you are ok with cheaters getting exposed, and in addition to NoraReed's great point about exposing sex workers, how do you feel about gay people being outed without their consent? Fat shaming? Poly intolerance?

This is a bad, bad thing for a great many people. Even more so, I fear for the AVI customers from less tolerant (Middle Eastern and Russian) countries.
posted by LeRoienJaune at 7:45 AM on July 20, 2015 [12 favorites]

My Twitter is full of people sort of shrugging and saying "yup, that seemed inevitable". I guess I agree. There is no computer database I consider secure. Really serious companies like Google or LastPass or the like might be relatively secure; no drive-by hacker attacks, although persistent governments can still hack them. But an everyday ordinary site like a dating website? Yeah, that data is not secure.

It's kind of a crazy moment for us in technology. We've built fantastic systems to collect immense amounts of data and do fascinating things with it. But we have no idea how to keep that data private.
posted by Nelson at 7:48 AM on July 20, 2015 [2 favorites]

Isn't it required under UK and EU law that anyone holding your personal details stop doing so in a timely manner upon your request? So if there aren't business systems capable of doing this, there's a fuckton of data protection law violation going on...

In Hollywood deletion of data is, of course, done like this:
1. Hacker spends 15 seconds accessing database.
2. Hacker types "delete all my records".
3. Computer shows progress bar and then big messages saying "All records deleted"; it also beeps for emphasis.
4. The notion of a database backup is considered far too technically arcane to affect the plot.

EU legislators appear to be using Hollywood's model as a template.
posted by rongorongo at 7:50 AM on July 20, 2015 [6 favorites]

Someone out there on twitter pointed out that the Ashley Madison hack + the OPM breach = potential bonanza.
posted by jquinby at 7:52 AM on July 20, 2015 [9 favorites]

I must be a really unscrupulous person, because the first scenario that popped into my mind went something like this: the Ashley Madison and Established Men sites utterly dominate their niche; they make a metric shitload of money with very little effort; and if I were interested in using the same business model to make a metric shitload of money with very little effort, it would make a lot of sense for me to find a disgruntled employee or contractor and use them to burn my utterly dominant competition to the ground before setting up my own sites.
posted by Mary Ellen Carter at 7:53 AM on July 20, 2015 [3 favorites]

They could never do a total delete. If they did, a customer could total delete, then dispute all past Ashley Madison charges with the credit card company, even the charge for total delete, and get all their money back, because Ashley Madison would be left with no transaction history to prove the charges were valid.

The system owner could keep transaction history, but instead of storing the credit card number, store a one-way hash of it.

If someone challenges a charge for a given credit card number, the system owner could feed the number in question through their hash function and check the transaction history for the hashed value. If they get a hit, they can be statistically certain the card was used in their system, and they can associate it with a precise set of charges. Because they're storing a hash, though, they can't go in reverse and turn the hashed value back into the original credit card number.

Whether or not they're doing anything like this, I don't know. Even if they are, whether storing a hashed value violates 'total delete' and whether statistical certainty is sufficient proof for credit card companies are both questions for lawyers. From a narrow technical perspective, though, this is straightforward.
posted by amery at 8:24 AM on July 20, 2015 [3 favorites]

I'm not in favor of marital infidelity

I've always assumed the infidelity bit was a marketing gimmick. What women are indifferent to 'dating' married men? Probably sex workers. Esp with craigslist cracking down, it seems like a perfectly good way to generate business.

4. The notion of a database backup is considered far too technically arcane to affect the plot.

Any Hollywood writer wishing to address this point can do so with a simple, all too common line of reasoning:

Manager: Just restore our database from backups!
IT Peon: Remember how you said getting the Sacramento client gear online was more important than fixing backups? I can restore, but we've lost everything from the past 30 days.
posted by pwnguin at 8:34 AM on July 20, 2015 [4 favorites]

The wisest companies work hard at keeping data secure from outside and inside threats. The latter is naturally a lot more difficult to accomplish, because employees need access to data for various reasons.

Requires strong knowledge of and commitment to security best practices. And making security a high enough company priority that you have someone constantly looking for and patching weak points. Often easier said than done.

Not suggesting anything about what practices were or were not in place in this case. Just that I know from experience that it is really hard, ongoing work keeping data secure.
posted by mantecol at 8:35 AM on July 20, 2015

I feel sorry for its users though

I don't.

I feel sorry for the children of said users. They are always the ones that suffer with this crap.
posted by prepmonkey at 8:38 AM on July 20, 2015 [1 favorite]

>The notion of a database backup is considered far too technically arcane to affect the plot.

Au contraire. That's one example where Hollywood faithfully mirrors real life...
posted by Devonian at 8:40 AM on July 20, 2015 [8 favorites]

markkraft: "I feel sorry for its users though"
dersins: "I don't."

Let he who is without sin share all their personal data.

The prude in me (usually an idiot) hears about something like this and thinks, oh well, reap what you've sown. On the other hand, the apocalyptic in me (usually a twelve year old genius on way too much sugar) can't help but see a full-on personal data war as the internet age's equivalent of global thermonuclear mayhem -- the conflagration that ends up annihilating everyone everywhere ... except, of course, it won't actually kill us all, just leave us naked and exposed. Forever.

The screenwriter in me immediately thinks, okay, so what happens if all of this Ashley Madison data is suddenly available to all sides in the next big election?
posted by philip-random at 10:07 AM on July 20, 2015 [2 favorites]

Very well said, qcubed.

The theoretical website breach that terrifies me is Amazon purchase history. Amazon is pretty careful and responsible, but like I said above I don't trust any company to not possibly screw up some day. And there's a lot of personal stuff in one's purchase history. This recent article (mildly NSFW) is a humorous take on it. Imagine that kind of history leaking out for 100M customers.

I guess you could say "don't buy embarrassing stuff on Amazon" but, well, that's ridiculous. "You have zero privacy anyway, get over it" may be a more accurate statement of the current state of things. McNealy said that 16 years ago and was roundly criticized for it. But, well, it's true.
posted by Nelson at 10:39 AM on July 20, 2015 [2 favorites]

I feel sorry for its users though, when the company in question basically screws their entire membership

Isn't part of the thrill of cheating the enjoyment of the risk in getting caught? To some extent, I wonder if a smart lawyer could argue that getting your information leaked is a small — yet critical — part of the service you're paying for.
posted by a lungful of dragon at 10:48 AM on July 20, 2015

I'm just thinking that if the "total delete" mechanism were to actually work as advertised, there would be no real risk in actually getting caught — at least via the AM site. You press the button and your AM records effectively disappear (or decryption becomes functionally impossible, whatever). The prospect of true anonymity would detract from the service paid for, in other words.
posted by a lungful of dragon at 11:04 AM on July 20, 2015

MeFi's own Paul Ford (ftrain) just published a blog post about the hack that's worth reading. I liked the section at the end that talks about technical measures to protect data against this kind of breach. In particular, the idea of translucent databases

In Translucent Databases, Wayner extends this concept of hashing in new and important ways. For example, what if a police department needs to build a database of sexual-assault victims that lets them identify trends but hides personal information? You could use a translucent database where the first column is the hash of the victim’s name, and the second column is a hash of their full address, and the third column is a hash of their block and street. You can now group incidents together by grouping entries with identical block hashes; you can see if the incidents refer to the same person by checking to see if those hashes are different.

Our industry needs to work towards developing this kind of technology. Hashing and fuzzing customer data makes everything harder, particularly all the fancy big data statistical machine learning that's everyone's new secret sauce. But the Maginot Line approach to security we use now does not work.
posted by Nelson at 11:23 AM on July 20, 2015 [7 favorites]

This is notable because of the target not so much for the attack itself. Imagine what could happen should this group set their sites on your bank or credit card company.
posted by tommasz at 11:50 AM on July 20, 2015

Imagine what could happen should this group set their sites on your bank or credit card company.

Bank insured via FDIC. Credit card company has fraud liability (or the merchant does; the consumer isn't liable).
posted by el io at 12:13 PM on July 20, 2015

" If I complained, they were required by law to give the complaints to my harassers. It was so great!"

Are FOIA requests public record in your state? If so, you could at least know who was requesting the info. From there, I dunno, you're a lawyer so I assume there's some level of barratry you could apply.
posted by klangklangston at 12:15 PM on July 20, 2015

klangklangston: I know what you're getting at but, just fyi, barratry is most likely not the word you meant there.
posted by Juffo-Wup at 12:31 PM on July 20, 2015

I have yet to meet a person (or see one online) that defends swatting. Even the police, who routinely ignore death/rape threats take swatting pretty super serious.

Not seriously enough to modify their procedures to dial back their over-enthusiastic use of SWAT teams, which loads the bullet into the gun these scumbags use against people.
posted by phearlez at 12:49 PM on July 20, 2015 [2 favorites]

Imagine what could happen should this group set their sites on your bank or credit card company.

I suspect that if credit card companies were as vulnerable, they'd be the ones getting hacked, not skeezy dating sites.

The credit card companies, although certainly not perfect by any means, do their job significantly better than the average web app, as evidenced by the fact that they are still in business despite being probably the biggest targets in the world. (Well, them and the actual banks, I suppose, when they are not one in the same.)
posted by Kadin2048 at 2:41 PM on July 20, 2015

Imagine what could happen should this group set their sites on your bank or credit card company.

The credit card company would make a killing in nailing merchants with charge back fees. Which, oh look, they do!
posted by srboisvert at 2:57 PM on July 20, 2015

They could never do a total delete. If they did, a customer could total delete, then dispute all past Ashley Madison charges with the credit card company, even the charge for total delete, and get all their money back, because Ashley Madison would be left with no transaction history to prove the charges were valid.

My solution: before deleting all the customer's records, the total delete feature causes the billing records to be printed out on a lonely dot-matrix printer in a locked room. Once the chargeback period ends, the paper records are burned in an old oil drum by a middle-aged man smoking a cigar.
posted by cosmic.osmo at 3:13 PM on July 20, 2015 [8 favorites]

The "hardcopy in a safe" approach is a really underused archival scheme.
posted by chrchr at 3:23 PM on July 20, 2015

Once the chargeback period ends, the paper records are burned in an old oil drum by a middle-aged man smoking a cigar.

This is pretty good but can we specify that he has a flinty, grim look in his eyes as the flames dance before them? Also he has to visually confirm that the top piece of paper twists and blackens as the fire spreads, and that person has to be named Lovell or live on Glover road or something so that the last four letters legible can be LOVE.
posted by No-sword at 3:42 PM on July 20, 2015 [11 favorites]

How long until the "enter your email address and zip code here to see if your record was one of the affected ones" phishing sites?

(Answer: We have no way of knowing that. Thanks for providing your info for our list of people worried about it.)
posted by ctmf at 6:27 PM on July 20, 2015 [1 favorite]

The credit card companies, although certainly not perfect by any means, do their job significantly better than the average web app, as evidenced by the fact that they are still in business despite being probably the biggest targets in the world.

The US credit card companies are better because law prevents them from making this other people's financial problem. They are legally barred from handing more than $50 worth of liability to their customers in cases of fraud. The Targets and Home Depots of the world, on the other hand, have no real financial liability; this doesn't hit them in the wallet, as detailed by that article above from The Conversation.

It is astonishing how much better corporate spending and prioritization becomes on an issue when fucking it up is directly costly.
posted by phearlez at 6:57 PM on July 20, 2015 [2 favorites]

AshleyMadison is learning what more legitimate online services figured out a while ago: customer data is a liability, not an asset.

I'd agree that deleting customer data appears tricky, so do it right to begin with : Do not build services that can see their customers data. Use end-to-end encryption to protect content. And use mixnets or PIR to protect metadata.
posted by jeffburdges at 6:24 AM on July 21, 2015 [1 favorite]

"klangklangston: I know what you're getting at but, just fyi, barratry is most likely not the word you meant there."

I counted on her legal skills enabling her to parse irony from sincerity.
posted by klangklangston at 4:45 PM on July 21, 2015 [1 favorite]

The US credit card companies are better because law prevents them from making this other people's financial problem.

No, that's not how it works. Credit card fraud is directly profitable to credit card companies. They make more money off a fraudulent transaction than a legitimate one. All the cost is passed back to a retailer (not the retailer that leaked data to hackers, some random innocent retailer).
posted by ryanrs at 6:40 PM on July 21, 2015

There is some truth in that but it's not a complete thing. CC companies certainly hose some vendors but they do not do so with impunity. If they did you'd never hear the not uncommon stories of people's charge ability being cut off after "abnormal" purchase patterns.
posted by phearlez at 7:00 PM on July 21, 2015

Early notes on the Ashley Madison hack

3. However, 4chan users, and undoubtedly others, are already combing through data and posting their discoveries. They started by searching for people with government email addresses, university email addresses, and addresses associated with major corporations. This is unfolding very quickly, already revealing the email addresses of students, teachers, public servants and municipal employees.

4. Anonymous internet posters have already discovered the email address of at least one public figure. In subsequent posts, they identify this person’s partner. This person has been confronted on Twitter; I would not be surprised if the partner is currently getting alarming emails from strangers. This happened almost instantly after the leak.

5. On 4chan, and on Twitter, users are posting plain, searchable chunks of the data. There appear to be ongoing attempts to make the data much more easily available. It seems very likely that there will be a way for curious, non-technically-inclined people to search for the names of friends, spouses, partners, or anyone else very soon.
posted by naju at 8:42 PM on August 18, 2015

Anonymous internet posters have already discovered the email address of at least one public figure.

AM apparently didn't do email verification - it is entirely possible to signup using any email address you like and you don't have to be the owner of it.
posted by Pogo_Fuzzybutt at 9:22 PM on August 18, 2015 [2 favorites]

Ars Technica: Ashley Madison hack is not only real, it’s worse than we thought

Researchers are still poring over the unusually large dump, but already they say it includes user names, first and last names, and hashed passwords for 33 million accounts, partial credit card data, street names, and phone numbers for huge numbers of users, records documenting 9.6 million transactions, and 36 million email addresses. While much of the data is sure to correspond to anonymous burner accounts, it's a likely bet many of them belong to real people who visited the site for clandestine encounters. For what it's worth, more than 15,000 of the e-mail addresses are hosted by US government and military servers using the .gov and .mil top-level domains.

The leak also includes PayPal accounts used by Ashley Madison executives, Windows domain credentials for employees, and a large number of proprietary internal documents. Also found: huge numbers of internal documents, memos, org charts, contracts, sales techniques, and more.

Quoting TrustedSec researcher Dave Kennedy:

The dump itself – 10 gigs COMPRESSED. For folks that may not know, that is massive. Huge.

Regardless of ethics, this is a massive data breach where attackers had full and maintained access to a large percentage of Ashley Madison’s organization undetected for a long period of time. Ashley Madison has not commented on the original source of the breach, how it occurred, or how they were compromised.

This dump appears to be legit. Very, very legit.

posted by Rhaomi at 12:08 AM on August 19, 2015

Troy Hunt - who's behind the site ';--have i been pwned? previously noted that he will be handling this data differently than previous compromises. Hunt notes that this information is more sensitive and the responsible thing to do is only provide the individualized checks/data to users registered to his site.
posted by zenon at 8:50 AM on August 19, 2015

Economist article on the hack:

... But every time another data breach is greeted with the societal equivalent of a shrug, companies’ decision not to spend any more on data security is vindicated. The Ashley Madison breach is different, because it threatens to destroy families and end careers. Avid Media’s security was no worse than that of many other companies, but its database contains information far more sensitive than mere financial details. If its theft proves to be the wake-up call that encourages companies to start taking security more seriously, then at least some good will have come from this sorry affair.

posted by rongorongo at 11:47 PM on August 19, 2015