The Ashley Madison Effect: rising concerns for personal data security in online dating

The catastrophic Ashley Madison hack which affected 32 million users highlights concerns over personal data security within online dating. 

Ashley Madison suffers catastrophic hack affecting 32 million users

Once reportedly en route for an IPO, online married dating site Ashley Madison’s future is now looking a little more uncertain following the catastrophic hack which saw the so-called Impact Team release 32 gigabytes’ worth of data, affecting 32 million of the site’s users.

The hack also revealed that Ashley Madison’s “full delete” service, which promised to remove all information from its servers for the charge of $19, was ? in the hackers’ words ? “a complete lie”. Internal data shows that the company retained GPS coordinates, addresses, weight and height, date of birth, smoking/drinking habits, gender, and ethnicity of full delete accounts.

The hack follows data breaches at two other dating sites (Cougar Life and Established Men) owned by the same parent group, Avid Life Media, and “adult hook-up and sexual tryst community” AdultFriendFinder (owned by FriendFinder Networks) also suffered a breach earlier this year.

The human cost of failed online dating personal data security

Ashley Madison CEO Noel Biderman has since stepped down, eight lawsuits have already been launched in the US and Canada, Avid Life Media is facing more than half a billion dollars in damages and legal costs, and the Ashley Madison brand is in ruins.

But the cost has also been very human. Ashley Madison users ? just like the broader one in five adults in the US aged between 25 and 34 who admit to having used an online dating site or mobile app ? trusted the company with not only their payment and practical information, but with some of their most deeply personal information: marital or relationship status, sexual orientation, education, religion, political tendencies, hobbies, income, ethnicity, and, of course, those more intimate interests.

Many Ashley Madison users may never recover from having their private and most intimate (and in this case, illicit) lives spread across the Web, whether it affects them now or at some future point in the future when the information resurfaces. Most seriously, at least two users have reportedly committed suicide in the wake of exposure.

Growing concerns over personal data security within online dating

These hacks are now part of growing concerns over personal data security within online dating.

A report by Privacy Rights claims: “Many online dating sites take shortcuts with respect to safeguarding the privacy and security of their customers. Often, they use counterintuitive “privacy” settings, and permit serious security flaws”. A 2012 study of eight popular dating sites by Electronic Frontier Foundation (EFF) found that only one site (Zoosk) carries out basic security precautions such as enabling encrypted connections (HTTPS, which ensures that information gets encrypted when it is sent and received over the Internet) by default. And it also reports that data is most often not automatically or permanently deleted upon account closure, but rather requires a direct user request.

A study by mobile security specialist nVisium, which examined 30 of the most popular dating apps, further reports that 80% of the apps leaked personal information to third-party services, 70% had issues that would allow a user’s real identity to be disclosed, 60% send information across the internet without protection, and 50% store information on the device without security.

A 2013 enquiry ? which was aired on a BBC Panorama documentary ? revealed that four of the UK’s biggest online dating websites could even be in breach of the Data Protection Act over their handling of users’ personal details.

It is no surprise that users are increasingly being encouraged to protect themselves against what one must remember are for-profit sites.

Protect yourself

• Check that the site is encrypted usingHTTPS by default, or install HTTPS Everywhere
• Strip the geolocation and other metadata that cameras typically add to digital photo files
• Be cautious uploading personal photos which may be stored in content delivery networks (a collection of databases dating sites use to store photos) long after accounts are closed
• Remove or deny geolocation requests on an app
• Read the Ts and Cs, with particular attention to any clauses relating to data retention and how long information is retained
• Wipe out data manually before deactivating an account