As details emerge about the hack of adultery website Ashley Madison, its users have a reason to be nervous.
“This breach has the potential to ruin the lives of millions of people,” Eric Chiu, co-founder of cloud security firm HyTrust, told NBC News.
It’s not clear exactly what was exposed. The hacker or hackers behind the breach, known as The Impact Team, said that it uncovered personal information on all of Ashley Madison’s 37 million users.
The site’s parent company, Canada-based Avid Life Media, told NBC News that “no current or past members’ full credit card numbers were stolen.”
But given the controversial nature of the site — it connects people who want to cheat on their respective partners — there are risks beyond leaked financial information.
It’s clear that email addresses were compromised. What should you do if one of them belongs to you?
Don’t freak out
Ashley Madison has been criticized for not verifying the email addresses of its users. That means not every leaked email belongs to someone who actually used the site.
“If somebody filled out a profile and used someone else’s email address, that data would be stored and would have been revealed in the data dump,” Jay Edelson, managing partner of Edelson PC, a law firm that specializes in tech and privacy issues, told NBC News.
As security expert Graham Cluley noted on his blog, “I could have created an account at Ashley Madison with the address of email@example.com, but it wouldn’t have meant that Obama was a user of the site.”
Call the police if someone tries to blackmail you
It’s called “sextortion.” Criminals contact users involved in illicit online activity and try to get money in exchange for their victim’s silence. It’s popular in South Korea,according to a report from security firm Trend Micro, where scammers try to initiate online relationships and then blackmail those who take the bait.
If someone is blackmailing you, call the cops, said Tom Kellermann, Trend Micro’s chief cybersecurity officer.
While the original hackers in the Ashley Madison breach might be hard to trace, those who take advantage of the leaked data might not be.
“These are not sophisticated cybercriminals, so the police do have a certain amount of pressure they can put on them,” Kellermann told NBC News.
Don’t shy away from the truth
For those who did use their own email to register for Ashley Madison, there is no use in hoping that the problem will just go away.
“Given that the data was not encrypted and put on the Internet, you can’t put the genie back in the bottle — that information is now exposed for good,” Chiu said. “In general, you should assume that information is probably public and you should come clean to whomever you need to come clean to.”
That includes spouses and employers, who can now search the leaked data with publicly available tools.
Beware messages from divorce attorneys and hot dates
Not everyone will be tech-savvy enough to find the leaked information. But it’s almost guaranteed that scammers are cutting and pasting that data right now.
If you get emails from divorce attorneys or from Ashley Madison, beware; it could be a criminal hoping to infect your computer with malware.
“You are going to be hunted now,” Kellermann said.
Don’t click on mysterious links or download strange files, he said. If you really want to be cautious, you can track the IP address of the person who sent the email. (Lifehacker has an in-depth explanation of how to do exactly that).
Armed with data on people who have been looking for love online, it’s likely scammers will create fake profiles on Facebook and other sites to target the vulnerable, he said.
“They are not only going to act like a potential love interest, they are going to act like your exact type,” Kellermann said. “If you like brunettes, they are going to be brunette, if you like blondes, they are going to be blond.”
If someone who seems too good be true contacts you on Facebook looking to hook up, be extra cautious, he said.
Find a good divorce lawyer or marriage counselor
There is no avoiding it; some marriages are going to be hit hard by this breach.
Whether signing up for Ashley Madison affects the terms of your divorce depends on what state you live in. In many of them, judges don’t factor extramarital affairs into their rulings, attorney Jacqueline Newman told CNBC, so it might not cost you any money.
That doesn’t mean it won’t result in heartbreak.
“You are going to have spouses who realize that their partner actively went on a website to try to cheat on them,” Edelson said. “That’s probably not a good thing for a lot of marriages.”