For Ashley Madison Users, What’s Next? Reputation Apocalypse, Phase 2
The massive Ashley Madison leak exposed the personal information of millions. Columnist Chris Silver Smith explains why the worst isn't over for its victims and shares tips on what steps they should take next.
The hacking and public outing of Ashley Madison infidelity website users is the Online Reputation Management “Apocalypse.” No other event has damaged the reputations of so many people in one fell swoop as this forced data exposure — as many as one in six married men, by some estimates.
As for the victims — and make no mistake, the users are victims, as well as many who are innocently associated with them — they may be hoping the worst has passed. I’m afraid not.
There’s more to come yet. Here’s why — as well as a few mitigation tips for victims.
The number of people caught up in this is staggering. Millions of men and women are reportedly in the released member registration data that can include email addresses and credit card information that, in many cases, are likely to identify people fairly definitively.
The data was initially released only into the darknet, but large numbers of news organizations, corporate and government security specialists, marketers and curious individuals downloaded and began analyzing the information.
Many have reported on broad statistics — which US ZIP code zones have no cheaters and geographic concentrations of more cheaters; universities with the most cheaters; how many military, state and local government email addresses are included.
And now waves of specific people have been identified, starting with politicians and prominent celebrities. Second-tier celebs or noteworthy people are now being identified and outed in the news, including mayors, religious leaders and more.
You may not be sympathetic to the people who are being outed in this scandal, and that’s entirely understandable — the website’s entire business was founded upon a business model of making money by facilitating betrayals. It lured people in with aggressive marketing tactics.
Note: Yes, I’ll call it “aggressive” to demographically target ads for products/services that are more closely associated with destructive, addictive behaviors and spamming out unsolicited emails to large swaths of people with slogans that persuade them to satisfy their selfish desires, no matter the potential cost to those around them — advertising that I publicly called out as “tacky” over a year ago. It’s more than aggressive to lure in the curious and vulnerable, and then try to persuade them that even more people are participating in this mad carnival by salting the entire user set full of false, shill profiles of women in order to further hook the fish and retain them longer, enamored of the illusions of beautiful women who never were there.
In some cases, the company apparently resorted to outright lies in its advertising to convince people that more individuals were participating with the site than actually were.
— Chris Silver Smith (@si1very) April 4, 2014
I believe there’s a likelihood that the site might’ve particularly preyed upon more vulnerable demographic groups, and it cynically promoted a very stilted view of reality that downplayed traditional ideals of morality. It cagily argued that cheating was inherently a part of human DNA and that their site could actually “help” marriages by spicing things up and providing one with other cheaters in order to reduce chances of being compromised (apparently pushing the idea of “MAD” — “Mutually-Assured Destruction” — cheat with another cheater; you’ll both avoid disclosure, as you both have stuff to lose).
The CEO, Noel Biderman, was invited as a guest to my former church in Dallas, Fellowship Church, some years back in order to debate the concept of infidelity, and I sat in the audience, fairly stunned at one point when he admitted that he’d be “devastated” if he discovered his own wife had cheated on him.
So even if you’re unsympathetic, consider that this business was founded by cynical human predators who don’t care whom they hurt, so long as they make a buck — and, despite their marketing spiels, they totally knew this was destructive to people.
Shades Of Guilt
But even if you have no sympathy for the people who were defrauded by the enticements and lies perpetrated by the site, there are certainly some people who are completely or partially innocent, or maybe less disgusting, who will be damaged by the destructive and irresponsible disclosure of the site’s information. Here are just a few illustrations and examples:
• Fantasizing in one’s mind about having an affair, while perhaps disappointing to a spouse, is absolutely not the equivalent to actually going through with cheating. All humans have selfish thoughts and may fleetingly think of doing something hurtful, but it doesn’t mean they will go through with it.
The fact that so many female profiles were fictional (and so many texting interactions were apparently phony, generated by paid writers) means that the majority of people on the site likely did not arrange a liaison via the site. While setting up a user account is a bit more than just thinking about having an affair, many of these people may never have intended to go through with one.
In this day and age, we’re starting to go a little too far into the notion of holding people guilty for “precrime,” and that’s not fair (nor realistic of human behavior). One’s browsing history is not necessarily proof of evil intent.
• In some cases, people do have “open” relationships. In other words, they have an agreement with their spouse that they can play around, and thus they weren’t necessarily cheating.
This is not as rare as you might think, and it’s even been somewhat traditional in some other cultures outside of America. Even if they may have an open relationship, the forcible data disclosure is harmful to these couples; they don’t necessarily want their private life arrangements made public.
• In some cases, there may be some gray areas where cheating is concerned, and while one still may find it distasteful, some people may not be as outright awful as you may be imagining. What of individuals who have spouses who have lost their minds to dementia or have become medically unable to be physically intimate? Or those who may have agreed to continue living as married publicly, while privately they’ve permanently separated?
People often may continue living as married in the public eye because their families will not accept divorce, or perhaps for convenience and financial reasons. While these may still be situations with some degree of dishonesty or lacking in perfect integrity, the point is that with the giant numbers of people involved, there are likely cases that deserve a measure of compassion, and painting all members with the scarlet letter may be far more destructive than deserved.
• For some people, the fact that they were involved with this site is past history, and having this made public is now unfairly damaging. The vlogger and creators of the recently viral YouTube video where the husband surprised his wife with the news she was pregnant have disclosed that his membership on Ashley Madison was a past issue in their marriage and that he’d changed course and reconciled with her.
The outing of the site’s data is dredging up past history and negatively affecting both partners in some cases where they may have already known of this and worked things out with each other. There are likely many members who have already divorced since their membership on the site, and retroactively outing them for cheating is just beating them up now for no reason.
• It’s easy to forget in the West that people in other countries who are gay may be in heterosexual marriages in order to hide their orientation, or because arranged marriages are the norms in their cultures — but they may have been members of the site in order to secretly arrange liaisons while living a double life. You can criticize these people for living dishonestly, but some degree of pity should also be in order because they may not have felt they had any other realistic options in life.
They may have felt that having secret affairs was the compromise they would pursue, and that by keeping their secret life secret they would not harm anyone around them. The leaking of gay members may put their lives at risk around the world.
• Some email addresses were co-opted and used in setting up member profiles without their owners’ knowledge, and some profiles used people’s names without their involvement.
Already we’ve seen statements from some prominent people that they’ve been falsely outed in the data release, such as the son of the vice president, Hunter Biden. These people are mistakenly and unfairly being tarnished in this. They’re caught up in this mess, and it has the potential of following them for years.
• Spouses, families, businesses and organizations of the outed site members are not responsible and now may be unfairly hurt by this public outing. They are unwitting victims, and it’s simply not fair that they have this thrust upon them.
Even if you despise the site’s members, disclosure of infidelity should probably only be the province of the married couple and should generally be private information between the people involved. This public disclosure generates a lot of collateral damage with the wide net it has cast.
So the ripples of destruction with the Ashley Madison data hacking extend farther than merely exposing a bunch of cheating jerks. It’s likely that a good many people are being embarrassed and harmed by this beyond any vaguely “reasonable” or “fair” degree.
Even outright cheaters shouldn’t have to be extorted, publicly embarrassed, fired from their jobs, imprisoned or even executed for their involvement. The variety of ways that the outed members are being beaten up for this is horrifying.
In the United States, criminal penalties for adultery were abolished more than 50 years ago, but members in other countries may still face legal consequences. There were gay members of the site, too, and in some areas of the world, these outed members may now face execution.
Exposed site members have already been making public statements, stepping down or being fired from their jobs, getting extortion demands, and likely getting divorce papers. For some, just dealing with the fallout may be so emotionally overwhelming that they simply cannot cope. There have already been some suicides purportedly related to Ashley Madison. (All of this could have been foreseen, of course, further calling into question the Ashley Madison founders’ disingenuous claim that it was a harmless business model or that it was “helping” people in some way.)
What’s Next? Phase 2
Regardless of whether you’re innocently associated with a member account outed with this scandal or were an actual member yourself, there are a number of ways that you could have been damaged by this already. And as a professional involved in online reputation management, I predict that this is not over by a long shot.
While the data was first released into the essentially invisible darknet, that information was copied by many people, as I mentioned earlier. A small number of websites have cropped up already which enable people to search the data to confirm if someone is represented in the member registration data.
One can currently search by email address, but people who used separate email accounts in order to anonymize their interactions are still hidden and have not been outed to people important to them.
Those who used work or organization email addresses or those whose email addresses contain their unique names embedded may already be identified, or soon will be, by your organization. Many large companies’ IT security groups and government/military security groups have downloaded the data files and have been searching for those involved.
Those with names and addresses that reveal their identities and who are celebrities or locally known figures have steadily been outed by news media organizations that have been investigating the data. But those who have more common names or are not all that publicly known may feel they are a hidden and protected by your relative “nobody” status.
If you’re not among the groups of users that are being actively sought out by organizations or curious spouses and friends, you may feel like you’re now sliding out of risk of getting exposed. But I don’t think it’s over, even for you.
The Unsolicited Email Deluge
All of those represented in the data are likely already receiving unsolicited email notes regarding being found in the data. Some of the “free” sites allowing one to search on email addresses to check for correlation in the Ashley Madison data are actually keeping those emails and mailing out marketing messages to them.
The worst of these may be extortion notes demanding payment to keep the sender from exposing your data publicly or threatening to disclose your information to your workplace, family, friends and community. If you receive these, ignore the notes or report them to the FBI.
Do not pay money to the extortion artists. If you think this might enable you to avoid exposure, you’d be very wrong. You’re likely to be publicly exposed if you haven’t been already. I’ll explain that part later.
The larger group of emails you’re going to receive are through email marketing. I’ve already heard many mentions from fellow marketers about plans to analyze the data and market products and services to the Ashley Madison users. I think your email boxes will be overflowing very soon, if they’re not already.
Businesses that seem more closely linked to the needs/wants of the site’s members are first in line: marriage counseling providers, divorce attorneys, moving services, temporary housing accommodations, asset investment specialists and more. I predict that the number of emails from divorce attorneys alone may render your email account useless. You’ll likely need to plan to abandon that email address because of the spam, if not to begin distancing yourself from the Ashley Madison scandal.
I would conjecture that the Ashley Madison members represented in the credit card information are likely now more vulnerable to having their identities stolen and financial information compromised. Names, addresses and birth dates may help thieves begin assembling your personal data for misuse — to set up credit accounts in your name and/or to hack into your bank accounts and credit card accounts.
Celebrities and prominent people may have mostly been exposed already by curious folks and news media. For them, there’s not much that can be done by online reputation repair specialists, although they may wish to have work done to eventually supplant the new stories about their exposure so that they can move on without having that one event representing them the rest of their lives on page one of search results.
I think the next big phase in this is going to dramatically affect a great many more people. If you’ve slid past being fingered by a news organization or by your employer, and your spouse and friends haven’t discovered you, your safety is not likely to last. Prepare yourself for more public exposure.
Many speculators love to take this sort of data and use it to generate large websites. The public interest in the data and the greed of unscrupulous people are virtually certain to result in a number of websites attempting to create Web pages that clearly identify all of the members.
Quite a few entrepreneurs have generated reputation-marring and privacy-intrusive sites based on publicly available information in the past — property records drawn from tax rolls, online libraries of court documents and marriage records, arrest records, records of censures by professional organizations and sites presenting mugshots.
In cases of arrest records and mugshots sites, the many pages generated easily drive large amounts of internet traffic, so they often may make revenue from advertising displayed on the pages. The worst of these sites take it a step further, though, and are thinly veiled, barely legal extortion rackets that will remove one’s arrest record or mugshot for an “administrative” fee.
The very worst-of-the-worst of these sites may actually be operated by online reputation repair companies secretly on the back end. I’ve personally investigated a number of such unethical scenarios where the people who should have a duty to help those with tarnished reputations are actually publishing the very damaging materials, and by so doing, they are trying to drum up more business for themselves.
How Bad Can It Get? Very Bad
If materials that identify you are included in the Ashley Madison data, you should expect that multiple websites will soon begin to feature Web pages all about your cheater membership account. You may not even realize how much can get disclosed with this. You may have avoided using your real name, but if you created other member profiles elsewhere on the internet using that same email address, imagine that these data website creators may mashup data from multiple sources when they start generating these pages.
For instance, if you used the same email address to set up your Facebook account, the developers could use a simple API that submits the email address to search for profiles on Facebook, and they could then add your Facebook profile information onto their Web page identifying you as an Ashley Madison account holder. Or they could use your street address to pull back all the names of property owners at that address to display on the same page, along with the cheater website account information.
Once these websites begin generating profile pages about Ashley Madison members, the pages will get spidered by Google, Bing, other search engines and many “scraper websites.” Your identifying materials may begin showing up prominently in search results when people search by your name.
For many people, these pages will become some of the prime things that represent them, since it’s common for people to search by name when first meeting someone or getting to know them.
Even if you’re innocent, or if you believe you’ve already reconciled with your spouse or otherwise dealt with the initial disclosure, having this stuff appearing for your name searches could have a very erosive effect upon your future. Would someone want to date you if they see you’re a former Ashley Madison member? Would someone do business with your company or you, if you’re an owner, founder, or executive? I’ve already heard people saying they wouldn’t do business with a former member because they believe those members are probably inherently dishonest people.
Would someone hire you? Or, would it simply be embarrassing to have this one item come to represent you, instead of all the other things that may be more definitive and unique about you?
While this reputation management apocalypse is huge, and I can predict that professionals in my line of work can anticipate more business as a result, I’m not at all happy to imagine people getting hurt in this way. Reputation damage mostly makes me feel nauseated, since I’m intimately familiar with the harm and collateral pain that this sort of thing can cause.
One of the reasons I work in this area is that I find the opportunity to help people who have been harmed to be very compelling and satisfying. But I don’t relish a growth in business as a result of a disaster in people’s lives, and there are others in ORM industry who feel the same.
What Can Be Done
For those whose company or government/military organizations have already identified their membership in Ashley Madison, there’s little that an online reputation specialist can do. That sort of disclosure damage, when it gets to your workplace, family or friends, is something we can’t undo.
If you’re trying to keep a spouse from learning about your involvement in the site, my experienced prediction is that it is highly unlikely to stay secret. We now live in the information age, and it’s very hard to put the cat back in the bag. If your spouse isn’t suspicious and hasn’t searched the data for your information, then a family member, friend or acquaintance may still do it and then inform your spouse.
My frank advice is that with this data emerging into the public eye, you should get in front of it and tell your spouse yourself. You have more integrity and credibility if they get to hear it from you before hearing of it from a third party.
The fastest way to take the power out of a secret is to disclose it. Disclosing it will make you invulnerable to extortion and will reduce some of the stress and panic in trying to avoid what may be inevitable.
Disclosing it may give you a chance to reconcile and to perhaps develop a stronger relationship after the fact, although you also will risk the dissolution of the relationship.
Likewise, if you used your employer’s email for an account, you maybe should disclose this to them upfront and get it out of the way, rather than have them independently discover it. You may begin rebuilding your reputation by owning it, confronting the issue, asserting to your employer that you’ll avoid compromising the organization’s reputation in the future and stating that you will work industriously to make this right and to try to impress them with your efforts to be a valuable employee.
My professional advice for repairing your reputation online is most oriented with the “Phase 2” that I foresee. We can’t really put all the information back into the box to keep this from your immediate associates, but once websites publish it, and it begins showing up in search engine results for your name, there’s no reason why it needs to rank prominently and represent you into the future.
Tips For Ashley Madison Users
• Abandon the email address. You might want to replace the email address in any of your financial account logins, if you used the same email for Ashley Madison. Even if you didn’t, it might be advisable to change email addresses anyway to begin distancing yourself from that Ashley Madison account data.
• Change passwords. I’ve operated a number of websites and administered many large systems, and I know for a fact that a lot of people use the same login passwords across many of their accounts.
While passwords were encrypted in the released Ashley Madison data, there’s a chance that they could be cracked. And there may have been quieter data breaches prior to this highly publicized one.
If you used the same password anywhere else, change your logins everywhere to stronger ones, and stop using the same password across all your accounts.
• Change security questions. The security questions/answers were included in the released data, so if you used the same Q&As anywhere else, go and change that now if you are able to.
• Avoid the impulse to lie about your involvement or use companies to create deceptive materials for you. I’m seeing some “identity repair professionals” who are offering to generate bogus materials and supply people with various explanations to try to give them convincing lies with manufactured “proof” that they weren’t responsible for their identifying information appearing in Ashley Madison data.
If it was merely your email address that identified you, perhaps that might work, but for those who paid for memberships, the payments and credit card information will more definitively point to your responsibility. Plausible deniability is attractive, but it’s unlikely to work for any length of time with any intelligent spouse.
Don’t pay people to create lies or deceptive, fraudulent materials for you. You’ll make the sense of betrayal even worse by doubling down and adding on more deception when it’s finally discovered.
Don’t trust individuals or businesses that are founded upon generating outright lies. If they compromise professional ethics by generating lies for you, how can you trust them not to later turn around and attempt to extort you? They are proving from the outset that they are dishonest.
• If you have a unique name, and you haven’t got much of an online presence now, immediately launch an online reputation program proactively. There still may be time for you to create and publish materials to rank for your name before scummy websites begin doing it with the Ashley Madison data. If you have materials that you control ranking for your name first, then the embarrassing data pages will have a harder time gaining ground and appearing prominently for your name searches.
I’ve written about this before: many people have the mistaken notion that keeping a low profile online equates with privacy. But the two are fairly separate conditions, and if you keep a low profile by not having websites and social media in your name, then you create conditions where it’s easy for damaging materials to be the things that rank in your name searches.
• It’s entirely possible to do it yourself with your online reputation management. You can set up websites and social media accounts and post articles, images, videos and more. You can read up on search engine optimization and social media development methods so that you can establish materials that will rank strongly and can help keep other stuff from appearing and ranking in the first page of search results.
• Hire an ORM specialist to proactively set up content for you. You may not have the time to really do your own online reputation program, or perhaps you don’t have the technical skills and patience to learn how to go about it.
I see people all the time who set up a Twitter or Facebook account, only to mess up the configuration or not know how to optimize it to rank well for their name. Hiring a pro may get you up and running quicker — now — before any negative stuff is published and starts getting entrenched in the rankings.
• Having your address published with your name and identifying materials is a high security risk for many types of individuals, such as policemen, judges, doctors, principals and others. If you are in a sensitive category, it may be advisable to take steps to reduce your vulnerability now that your address may be published.
If you’re in an apartment, start thinking about moving when your lease comes up for renewal. If you’re a home owner, perhaps it would reduce risk if you move your deed and tax roll data into being held by an LLC or some other legal entity so that your name starts getting separated from the address.
• It may also be advisable to change phone numbers, similar to changing email addresses. It’s inconvenient, but it’s good for security and for distancing yourself from the persona that registered with Ashley Madison in the first place.
If you have a common name, removing all uniquely identifying information associated with the released data will make it less obvious in the future that you were involved.
• If you’re involved with other unsavory websites, take this as a wake-up call. Our personal data can abruptly affect us when combined with many potential contexts. It’s advisable to cancel memberships and request data deletion at any sites that could compromise your reputation, privacy and security.
• Once you have many basic elements of a good online reputation profile set up, focus on all the myriad ways you can build your reputation positively. Instead of expending your most valuable resource, time, on reputation-destroying activities, what if you use that time and energy to instead build your career, personal life and online presence?
Pursue activities that will build your resume on LinkedIn. Blog about your interests, activities and thoughts. Create art and publish images on photo-sharing sites like Pinterest, Flickr and Instagram.
Shoot videos of interesting things in your life and post them to YouTube and Facebook. Write that book you’ve always thought about and self-publish on Amazon. Interact with others online who are in your industry or involved with hobbies or social activities that you are interested in.
All of these activities can build you as a person and simultaneously help you develop a more comprehensive online representation of who you really are, so that if any of your less-admirable qualities come to light, the negative stuff doesn’t overwhelm and become the sole characteristic representing you when people search for information about you.
Having negative materials appear about you online and become prominently visible is a traumatizing experience, whether the stuff is true or not. When this happens to people, they feel embarrassed, isolated and depressed, and they can feel a sense of hopelessness.
You’re not utterly powerless where your reputation is concerned, though.
The second phase of exposure for Ashley Madison’s members is realistically imminent. The destructive effects of the data breach are continuing to ripple outward to affect them and those innocently associated with them.
The likelihood of the information getting published onto Web pages that get crawled by search engines is quite high, in my estimation, and people involved are likely to become more exposed and more damaged if they do not prepare for the worst.
Interested in reading more on online reputation management? Check out my other articles on the topic:
- Are Search Engines Responsible For Reputation? Yes, Virginia, They Are. Big Time!
- 9 Key Points for Cleaning Up Your Online Reputation Nightmare Via SEO
- Trademark Policing: Ninja Techniques Of Online Reputation Management
- 10 Ideas: How To Fix A Damning Business Review
- How I Came To Work For A Killer: An Online Reputation Fable
- Why Google, Bing, Facebook, Twitter & Others Should Collaborate: A Proposition For An Online Reputation Issues Clearinghouse