In my recent article, I predicted that the worst was far from over for Ashley Madison users whose personal information was exposed by the massive hacking. Indeed, our research has now uncovered that over 500 domain names have been registered, indicating that the next stage of this reputation apocalypse is about to happen.
As I wrote in my earlier article, many (or most) of the victims have had a tissue-thin degree of protection since the data has thus far mostly been contained behind search forms. In order to find out if an individual was an Ashley Madison user, you would have had to find one of the sites that enabled the data to be searchable, and you’d need to search with the user’s email address (assuming they used their actual email on the site when they created an account). Unless a user was a celebrity or used the email of an organization that is investigating members, it’s possible no one has noticed they were associated with the site. However, I predicted that there’s an extremely high likelihood that this data will be further publicised such that individuals might become even more publicly exposed when their names are searched-for in Google and other search engines. (Read “For Ashley Madison Users, What’s Next? Reputation Apocalypse, Phase 2”.)
Celebrities and public figures have already been outed in many cases. News organizations across the world downloaded the data from file-sharing servers on the Darknet, and diligently searched for celebrities, politicians and prominent figures, and often reported upon those for the sake of attracting more viewers/readers, derived from prurient interest.
Organizations, like the military, federal and local governments, and even many large companies also downloaded the data to investigate individuals linked by their organization emails to the data. There are likely many resignations, firings, or warnings that came to Ashley Madison users due to this.
I would also hazard a guess that all Ashley Madison user emails were likely spammed by extortion demands. Criminals also downloaded the data and are using it to send out customized emails threatening to further disclose information about the individuals. (By the way, if you are a victim of the hacking, I urge you *not* to give in to the blackmail demands. In most cases, these are likely bluffs — it’s very cheap to send out email notes, and much more expensive to mail out printed copies of the evidence to individual’s home addresses. Further, you’ll likely be dealing with not one but many multiple blackmailers, so this cannot be contained. Due to this, as a strategist I must tell you that the best tactic will be for you to voluntarily disclose to people around you that you are listed in the site’s data, and by doing this you will take the power out of the secret, and remove all leverage that extortion demands might have over you.)
Many marketers have downloaded the data as well, and I heard enough different ones state that they were planning to send out marketing emails to the individuals. I have seen some of these notes, so I suspect those involved have received quite a number of notes, such as from counselors, divorce attorneys, and reputation-repair companies similar to my agency. (This is one reason I recommended to victims that they ditch the email addresses they used with the hacked site.)
Despite these various rounds of public and private outings of the adultery site users, I know that there are many who have not become exposed as of yet. They may be hoping that they have somehow slipped below the radar screen of those who know them, but I seriously believe this is premature, because there are huge incentives to many unethical people to deliver up the data on individual profile pages that would be exposed on the internet and would become crawlable by the major search engines.
To research whether my deductions are accurate, I have looked into domain names registered since the hacked data was leaked in order to see how many of them might be connected to the Ashley Madison scandal. What I’ve discovered was shocking even to me, although it supports my prediction that the data will almost inevitably become far more public-facing and will be published on websites overtly, rather than merely remaining obscured behind search forms.
Here is what we found: over 500 domains have been registered that contain the letter sequence, “ashleymadison” or “ashley-madison”! A number of these were registered prior to the hacking scandal, so we filtered further to find that 337 of them were registered after news of the hacking began to break. Note: this is very likely an undercount on our part, since there could be additional domain names that misspell “Ashley Madison” or which don’t overtly use the name at all, such as “FindTheCheatersHere.com” (I just made that up — I don’t know of specific examples of these potential domains. (Download the full list here.)
One can conjecture that at least some of these are intended to become the addresses for informational websites that will provide information about the outed members of Ashley Madison. Will all of them keep this data obscure behind search forms? Most probably not, and the reason is simple: web referral traffic. The first sites that publish the data well, in a format optimized for search engines, will get larger amounts of traffic. As they receive more clickthroughs from Google, more traffic, and as people mention them in social media and link to them, they will receive higher rankings. And, if you have millions of pages, rather than a single search form page, your pages will match up with a great many more keyword searches.
Very simply put, the websites that generate individual profile pages featuring each of the outed members of Ashley Madison will get more exposure, more marketshare because of the exposure, and hence, more business that translates into money — whether that money is through offering assistance to victims, extorting victims by demanding money to take pages offline, or through advertising.
Here are some highlights of our analysis and findings from the hundreds of domains:
ismyspouseonashleymadison.com, aretheyonashleymadison.com, ashleymadisonsearch.com, isheonashleymadison.com, weretheyonashleymadison.com, listashleymadison.com, ashleymadisonslist.com, ashleymadisoncheaterslist.com, ashleymadisoncheck.com, ashleymadisonchecker.com, ashleymadisonlookup.com, ashleymadisonnamesearch.com, searchashleymadison.com
ashleymadisonmarriagecounseling.com, ashleymadisoncounselors.com, ashleymadisonsyndrome.com, ashleymadisonhelpme.org
fuckyouashleymadison.com, fuckashleymadison.com, ashleymadisonclassactionlawsuit.com, ashleymadisonlitigation.com, sueashleymadison.com, ashleymadisonrevenge.com, ashleymadisonprivacybreachclassaction.com, ashleymadisoncheaterslawyer.com, lawsuitashleymadison.com, ashleymadisonlegal.com, ashleymadisonclassaction.info
ashleymadisonreputationrepair.com, ashleymadisonreputationmonitoring.com, ashleymadisonexcuses.com, ashleymadisonremoval.info, ashleymadisondamagecontrol.com, ashleymadison-repair.com, ashleymadisonadvisers.com
When I wrote my earlier article, I received some emails and comments suggesting that my predictions were overblown, on the basis that any website that publishes the data would be doing so based upon very indefensible legal footing. I agree that it’s legally quite dicey to use the data — either for email marketing purposes or for publication on webpages. But, those who are either naive or optimistic about people’s ethics do not have the same background experience of those of us who work daily in online reputation management. People intentionally publish illegally-gained and defamatory material all the time. In fact, I’ve seen extremely devious individuals set up hosting of illegal websites via offshore internet service provider companies where they cannot be reached by our Canadian and United States’ legal systems. Sure, if it’s hosted in the US or Canada, we likely could compel the website operator and hosting company to remove it. But, even if it’s hosted domestically, if a site posts pages about you, you’ll still be damaged in the short term when the site goes live, and it can be costly and require months to bring a legal process to make a website go offline.
It all boils down to this: the sheer numbers of domains that have been registered involving the topic of Ashley Madison is so huge that it indicates a very high level of risk that what I earlier predicted will likely come to pass. It’s only a matter of time before an enterprising website developer finally launches all the hacked data straight out into the open. This reputation cataclysm is not over by a longshot.