At least one Knesset member is among the estimated 170,000 Israelis whose personal details were swiped and released into the wild by hackers who stole the data off the website of AshleyMadison.com, the infamous platform for married people to hook up with partners other than their spouses.
Now he, the other Israelis, and nearly 40 million people worldwide are scrambling to protect their identities where possible, or at least come up with logical-sounding excuses as to why they were members of a website that encouraged cheating to offer their spouses – or divorce attorneys.
For those in Israel and elsewhere whose identities have been compromised, an Ashley Madison victims’ “first aid kit” may help mitigate the damage. “The internet never forgets, and so any piece of information (private or not, embarrassing or not) will forever be available,” wrote Dr. Yaniv Ehrlich, an Israeli who is a Whitehead Fellow at Columbia University and Core Member of the New York Genome Center.
“Even if you have no sympathy for the victims of the Ashley Madison data breach” due to their cheating, wrote Ehrlich, critics should consider how they would feel if sensitive financial or health information made its way to the web.
“Users of the OKCupid dating website, or users of a closed support group for LGBTQ teens, or the clients of a drug-rehabilitation center database, or running routes of Strava users — all of them and us deserve privacy.”
Just as doctors “treat everyone, even terrorists and mass murderers, we try to provide help based on our knowledge and experience in the technical aspects of online privacy and not to judge 39 million individuals for their poor decisions,” said Ehrlich.
A list of millions of email addresses showed some 16,000 with a “.co.il” suffix indicating an email address from Israel, the Haaretz daily reported. However, many of the addresses were never verified by a user account on the website, suggesting they may have been collected by the site without being part of an authentic signup process.
Joint (Arab) List MK Taleb Abu Arar’s Knesset email, firstname.lastname@example.org, was used to sign up on the Ashley Madison website, and according to the leaked database, “the email address was confirmed by the account owner.”
Abu Arar, a conservative Muslim Bedouin politician known for his support for polygamy, denied any connection to the website, telling Channel 2 that he had filed a complaint with police because someone hacked his email address.
The precautions and damage control steps recommended by Ehrlich could be an instruction guide for anyone whose online information has been, or is at risk of, being leaked – as well as a manual for those seeking to keep their web presence as low-profile as possible.
For example, hack victims are instructed to determine if they are among the more than 30 million (so far) email addresses of Ashley Madison users released to the web by searching for themselves on sites that don’t record search queries. Using a “normal” search engine like Google could be dangerous if the records of what was searched for are ever matched to an IP address and then connected to an email address.
It sounds far-fetched, but better safe than sorry. “Search the email address used for AM and see if something comes up,” said Ehrlich. “To further minimize leaking more information, we recommend searching with StartPage which does not collect private information and is powered by Google. We also recommend using your browser in incognito/private mode for all operations.”
Once the search is done, users should eliminate the email address used for Ashley Madison business from everywhere possible (it’s assumed, of course, that members used a dedicated address to connect to the site). “Posts and messages that contain the AM email address should be deleted,” wrote Ehrlich. “The goal is to reduce the chances that future searches for AM email address (and other AM items) will return current information about you.”
Close the email account and never use it again – and eliminate from any profile even vaguely connected to AM personal information you can be identified with, including physical details and “potentially embarrassing/incriminating information: chats logs, messages, sexual preferences, etc. You will not be able to hide this information (ever), but at least you can understand your exposure level.
“The Internet never forgets, so this is not a bullet-proof solution. However, an old Yiddish proverb says ‘it is one thing to let the death angel take you down, and another thing to unlock the door for him and put the knot on your neck.’”
The point, added Ehrlich, “is not to help cheaters — it is to help anyone whose private details have been exposed online. The Ashley Madison data breach is not the first to happen — but it is the first time such a massive amount of extremely private information is exposed in such a public way.
“While we do not condone the use of such websites, we strongly oppose to exposing private information about people. This is not the last time private information will be leaked/breached/exposed. Future data breaches might expose other groups — groups which could be more, or less, controversial than AM users — regardless of the group exposed — as internet users we should be prepared to mitigate the damages of such privacy breaches.”
Times of Israel staff contributed to this report.