The Ashley Madison Breach September 2015
Subscribe to Insights in Brief to be notified about new Featured Content as it becomes available!
Since its founding in 2001, Ashley Madison, an online service that claimed to connect individuals seeking to organize extramarital affairs, exemplified the internet's seamier side. So people greeted the leak in August 2015 of gigabytes of user information, company emails, chat logs, and other data with a mix of horror, glee, and schadenfreude.
Beyond its power to embarrass, however, the data may prove a boon for researchers in a range of disciplines, including artificial intelligence and conversational agent design, sociology, and computer security.
As American journalist Annalee Newitz and collaborators have revealed, many of the "women" on Ashley Madison were actually bots interacting with male visitors via fake profiles. The bots would entice men to upgrade to premium memberships, encourage them to buy other services, and even pass the men off to escort services. A single profile could, in turn, serve various bots and humans, reinforcing the illusion of interacting with a single person. For researchers, this system, and the chat logs of interactions between bots and users, could serve as a resource for understanding how to design automated systems that can converse with humans—and thus move computer science closer to passing the Turing Test of (Wikipedia says) "a machine's ability to exhibit intelligent behavior equivalent to, or indistinguishable from, that of a human." The behavior of the bots also illustrates how the assumptions of programmers can influence online experience: Gay and lesbian users had better experiences on the site than did straight users, in part because bots ignored them.
Another potential treasure trove is data about user profiles, passwords, and efforts to hide (or publicize) real-world identities. For the vast majority of users, passwords were simple and easy to guess. The data could support studies such as a statistical analysis of common password mistakes, how well users responded to prompts to improve security, and how carefully users tried to obscure their identities.
The leak also could illuminate the ways preexisting social networks navigate and harness online services. For example, financial advisors in major banking centers such as New York and Chicago, Illinois, used the site to organize infidelities specifically with colleagues or peers, often with the help of in-house "madams" who served as market makers for discreet meetings.
The Ashley Madison data breach differs from other corporate leaks in that its contents are not just credit-card numbers but detailed records of user activity on the site, insight into company policies and programs, source code for bots, and other information. Although highly sensitive and potentially embarrassing to users, the contents could be as significant a source of data for researchers as cell-phone call logs, GPS data, and other data already in use by data scientists, social scientists, and others.
In the long run, the leak could also force developers of digital assistants such as Siri, Cortana, and Facebook's "M" to rethink how they store and protect users' personal data and how they manage records of interactions between humans and bots.