The media has been in a frenzy since yesterday, when Avid Life Media released its latest statement on the Ashley Madison hack – this time defending the site against journalists’ claims that many female profiles were fake or unused. In its statement, Avid Life Media claims that Ashley Madison membership has continued to grow since the incident, stating that “This past week alone, hundreds of thousands of new users signed up for the Ashley Madison platform – including 87,596 women.” The statement goes as far as to claim a 1.2 to 1 ratio of paid male users to active female users this year (females can use the site for free). It even calls Ashley Madison users “happy customers on a consistent basis” and closes with a challenge for skeptics: “Ashley Madison is the number one service for real people seeking discreet encounters. We invite everyone to visit our website or our app and make up their own mind.”
Given some of the information that has surfaced in the data breach – from reports of Ashley Madison’s fraudulent “paid delete” service to leaked emails indicating that the company’s founding CTO had hacked at least one competing dating site – the numbers in ALM’s latest statement have left many skeptical. After dominating global headlines over the past two weeks with news covering the messy fallout of the developing Ashley Madison hack story, it is hard to believe that people are still signing up for the site. Any users who have signed up since August 18 either haven’t heard of the hack or simply don’t care about the risks imminent to Ashley Madison users following the breach – neither of those cases sound probable, at least not on the scale of signups that Avid Life Media claims.
So how believable are ALM’s membership claims? You decide. The homepage for AshleyMadison.com boasts a membership counter that is updated regularly. After watching the homepage for a few weeks (and with the help of the Wayback Machine), Ashley Madison’s claimed growth figures seem even more inflated: according to their homepage, membership has grown by nearly 1.5 million (from 38,855,000 to 40,330,000) in the two weeks that have passed since Impact Team’s “TIME’S UP” message and accompanying data dump on August 18. That’s over 100,000 new users per day for the past two weeks. Needless to say, that’s a number that doesn’t jive well with their statement’s assertion that 87,596 women signed up in half that time.
Ashley Madison’s homepage on August 18, the date of the first data leak. At that time the site claimed 38,855,000 members. Ashley Madison’s homepage on September 1, now claiming 40,330,000 members.
Going back even further, the latest number for Ashley Madison membership marks an increase of 2.7 million users since July 20, the day that Avid Life Media released its first statement acknowledging the attack. That means that the site gained 1.2 million users in the nearly 30-day span between Avid Life Media’s first statement and the first data dump by Impact Team. Considering this, the idea that 1.5 million users have signed up in the 2 weeks since the first leak seems even less believable.
What’s more likely, in my opinion, is that this statement comes as a sort of desperate marketing ploy from a company that is flailing in trying to survive following an “extinction-level” hack. Aside from the common sense reasoning that most people trying to engage in discreet affairs wouldn’t sign up for a site fresh off of a hack that exposed over 33 million of its users, many of the numbers and language offered in Avid Life Media’s statement come across as a sales pitch aimed at gaining – or at the very least retaining – customers after a crisis. From touting their “1.2 to 1” male-to-female ratio to their claims of having “customers in nearly every zip code in the United States,” Ashley Madison and Avid Life Media seem to be going to great lengths to deny or downplay much of their dirty laundry that has been exposed, all in the name of continued sales growth.
True or not, we may never know, but at the very least this data breach should offer a few lessons learned from an online privacy and security standpoint. Most importantly, you should use the internet assuming that any information you offer online is permanent – it will live on past any attempt at deletion and will remain potentially accessible to prying eyes. This concept should guide your decisions when offering up private information to websites or social media platforms. What’s more, it’s important to remember that just because a company claims to be secure or private doesn’t mean that they are – when in doubt, ask a company how they protect their users’ information prior to signing up or using their services. The answer you receive can be a critical factor in ensuring that you don’t end up losing private or personal information in the next mega-breach.
Data Protection Vendor Evaluation Toolkit
The toolkit contains an RFI-RFP criteria template and a corresponding vendor evaluation scorecard.
Related ArticlesThe Biggest and Most Impactful Data Breaches of 2016
There was no shortage of data breaches making news last year – let’s take a look back at some of the biggest and most damaging data breaches of 2016.Friday Five: 12/22 Edition
Catch up on the week's infosec news with this recap!Survey finds Cyber Attacks Incredibly Common at Automotive Firms
A survey of automotive executives by KPMG finds that reports of data breaches are common - even as investment in security lags.