'Yes. I was a member of the Ashley Madison website. But I wasn't there to cheat on anyone'

Ashley madisonAn anonymous contributor writes:

Just because someone's email is on the leaked Ashley Madison list, doesn't mean they're cheaters.

My email may be on the list, but I never paid any money to the site. I used the site strictly to search for a particular person.

A life-long friend of mine was talking with me during halftime of a sporting event we went to about a year ago. He was worried that his girlfriend was keeping something from him. She would quickly close browsers (refuse to let him on or get out of the chair for him to get on).

To make it seem like he was playing dumb, he would leave the room and check the history later when she wasn't looking. He went back and saw that the history was cleared. She would cancel dates and act disinterested when in conversation with him. He was thinking worst case scenario.

I didn't even know what Ashley Madison was truly about until he told me at halftime at that sporting event, as well as a a few other sites that he was concerned she may be on. Even though she was only his girlfriend at the time, he wanted to see if she was on any of them.

However, if he set up a profile and maybe a picture or clever username, she may catch on to it if she was on there. I was curious about these sites, not because of imagining myself with anyone on those sites, but because I was curious who might be on them (anyone I know?) and why would they be on there? So I told him that I could be his "private investigator" and look into it for him.

We set up the account on separate sites, and I then let him set the account profile preferences on there since I had no idea what to do with any of it. A week or two later, during some of my free time that I normally would use watching sports on TV, I was searching for his girlfriend.

I came up with nothing. He looked with me for a second perspective, and couldn't find her either. So we deleted our accounts on the separate sites. He was dumbfounded, because he has no idea why she has been so distant.

American football A week later, he texted me to tell me that he feels so guilty for not trusting her fully. What she was doing the entire time was attempting to set up a meet-and-greet with one of his favorite professional athletes.

When that fell through, she tried getting him tickets to the AFC Wild Card round game in Indianapolis vs Cincinnati since he's a huge Indianapolis Colt fan. She was able to get two tickets. She was keeping it from him just in case she didn't receive one of the two gifts she was hoping for.

A couple of weeks later (a full two months after debating whether or not he should marry her), he asked the question and she accepted. They are now happily married. When this leak information came out, he texted me saying "Sorry I got you involved into something that I overreacted about that could have effects for you now."

I replied back with saying this:

"Better me than you. I'm still single and can handle any consequences coming my way. If it was you that made the account, your email would be the one leaked. Who knows what [your wife] would think if your email was in the list. Your marriage would be having unnecessary issues. If we had to do it over again, and you had those concerns, I'd still help you out. You're a brother to me and I want to help people. You thought you needed help, so I was there for you. No need for an apology."

Part of me feels good that the information is being leaked.

However, at the same time, there are people out there like me that you mentioned in your article that had no bad intentions and did NOT pay to use the site for what it was designed for. Potentially, those are the people that could be hurt the worst.

I just wish the "Impact Team" would have only leaked names of people that paid to the site. Nothing else.

I understand both sides, but I also have my disagreements with both sides. I just wanted to share my story anonymously (even though gmail shows the name so you'll know my name. I'd just like to keep it private).

Thanks for listening.

Further reading:

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, ,

6 Responses

  1. Darryl Daugherty

    August 22, 2015 at 9:44 am #

    Yet another reason why anyone with concerns about a partner's fidelity should go with a professional private investigator rather than engage in a DIY solution.

  2. banana

    August 24, 2015 at 1:59 am #

    The whole situation is ghastly. I don’t know why Impact Team hacked Ashley Madison, but they clearly didn’t think through the harm that people would be put through because of their actions.

  3. Jim

    August 24, 2015 at 8:45 am #

    Being an information security geek, I have a number of disposable email addresses that I use. If they're compromised, or if they just start getting too much spam, I can just ditch them, no problem. One I just use for receiving newsletters and I'm 100% positive that it has never been enrolled in Ashley Madison's website. However, since the hack, I've started receiving adverts from Ashley Madison asking me to upgrade my account!
    My initial thought was that these were some spammers or scammers trying to take advantage of the situation, but they seem legitimate. Strange time to start marketing …

    • Bill in reply to Jim.

      August 24, 2015 at 3:51 pm #

      Jim, it's also possible that someone signed up for Ashley Madison using your email address.

      I have a Gmail account, a nice simple "first initial, last name" account with no numbers. I use it for utilitarian purposes and to not use it when signing up for websites (I have a personal domain for that).

      For the last several years a woman, Barbara, in the Upper Midwest has been using my Gmail account to sign up for all sorts of websites. MyLife.com, Walmart Photos, JCPenney, you name it. The one thing all of these sites have in common is they don't verify email addresses. Most recently she's signed up for a few college recruiting sites using my address.

      Sure enough, the other morning I received an email from HaveIBeenPwned.com informing me that my clean Gmail account had signed up for Ashley Madison a few years ago. I checked the dump and sure enough, Barbara's information came up. Lovely. Fortunately my wife has a good sense of humor about this.

      • Linda in reply to Bill.

        August 24, 2015 at 5:44 pm #

        Bill, the same thing happens to me. I have a gmail account that is my "first name, last name". Unfortunately my name is fairly common and there seem to be several people who use it to sign up for various things. I get quite a collection of stuff.

      • Jim in reply to Bill.

        August 25, 2015 at 5:04 am #

        Hey Bill,
        Yes, I'm aware of HaveIBeenPwned.com and that's one reason I'm sure I wasn't in the database leak. The other is its a pretty unusual email address, so its unlikely anyone would just guess it. So I'm still thinking its a bizarre time for Ashley Madison to start marketing … :-)

Leave a Reply