Did Ashley Madison cheat on its users?
Computer security and privacy experts say no one should have trusted Ashley Madison to keep users' data safe.
The website, which claims to hook up married people looking for an affair but critics say is a scam, has been the target of one of the largest computer security breaches in history. Yesterday hackers calling themselves the Impact Team uploaded nearly 10 gigabytes of data pulled from the site's servers, allegedly containing the private contact and credit card information of more than 30 million members.
A fake email address using John Key's name is among tens of thousands of New Zealand-based accounts caught up in the hack, with a number of addresses in the data ending in .govt.nz.
The site makes bold claims that clients "will never be found out", but privacy lawyer Gareth Abdinor says that shouldn't have been taken as gospel.
"I don't think it's a grain of salt – I think you should take a bag of salt," he told RadioLIVE.
"While people think what they do on the internet is private, with very few exceptions that's not the case."
Auckland University computer science lecturer Paul Ralph agrees.
"Any company that says your data with us is secure and confidential, you need to be very sceptical of any such claims," he told the Paul Henry programme this morning.
"If you go on Ashley Madison's website and you look at the letter from the president, it says stuff like 'we guarantee that your data is 100 percent secure and anonymous', and clearly that's not true. Companies shouldn't be allowed to say stuff like 'we guarantee your data is secure and anonymous'."
Both say it's unlikely those whose private details have been released will succeed in any legal action against the company or the hackers.
"The real difficulty is practical enforcement," says Mr Abdinor. "This is an overseas company that didn't protect the information well enough. You would need to look at the terms and conditions of that website – what did people actually agree to?"
"In most Western countries, there are laws that say lying to your customers is illegal, period," says Dr Ralph. "But nobody ever really seems to get done for that."
And there's a good chance the figures behind Impact Team might never be found.
"Impact Team, the hacker group that says that they did this, they released all this information in a very secure and anonymised way that makes it really hard for authorities to go and figure out where it came from and who they are," says Dr Ralph.
Security and anonymity might not be the only promises Ashley Madison has failed to keep, with the hackers accusing the site of being a scam.
"You go on the website and there seems to be these thousands of attractive women who all want to have affairs – they're saying a lot of those women are fake," says Dr Ralph.
He's urging people to think before joining internet lynch mobs against the site's members.
"There are two groups of people that maybe are innocent in this – one is, people who have had their email addresses hijacked. So you can imagine your mates on a lark using your email address to go and sign up for something like Ashley Madison.
"The other group is people who really have done something wrong, they've gone and had an affair, they get caught – but maybe if you get outed in the international press, that's very depressing and maybe somebody goes and jumps off a bridge. Not only that, but those people have kids, right, and now you've got kids that are growing up without parents. It's not the kids' fault."
The Ashley Madison file has already been turned into a searchable database available to anyone with internet access.