New analysis shows over 99 percent of the women on Ashley Madison were fake

New analysis shows over 99 percent of the women on Ashley Madison were fake

Full Description

New analysis shows over 99 percent of the women on Ashley Madison were fake

As soon as the Ashley Madison hackshit earlier on this month, it didn’t take long for researchers to begin poring over the details and data. Impact Team, the group behind the hack, declared that it was releasing the information because Ashley Madison had lied about the male-female account ratio on its website. At the time, the hackers claimed that 90-95% of the accounts on Ashley Madison were male, with “thousands” of fake female profiles. New research shows this may happen a dramatic underestimation.

Gizmodo’s Analee Lewis combed through the database, selecting tell-tale signs that the 5.5 million female accounts on Ashley Madison were fake. Sure enough, she found some, including IP addresses that showed accounts were created from and tens of thousands of accounts that listed an email address as their primary contact point. These email addresses were even listed in sequential, bot-like fashion —,, etc.

One critical piece of information captured in the leak was the last date a user had checked their messages. If a user never checked their inbox, the field was completely blank. If they logged in even once, that information was recorded. Ashley Madison also records the last time a user answered messages; this can be handled in a separate field without actually clicking on the inbox, which is why the data logs show different numbers for the women who checked mail versus replying to a message.

In both cases, however, the numbers are staggeringly low.

Data courtesy of

Over 20 million male customers had checked their Ashley Madison email boxes at least once. The number of females who checked their inboxes stands at 1,492.

There have already been multiple class action lawsuits filed against Ashley Madison and its parent company, Avid Life Media, but these findings could send the figures skyrocketing. If true, it means that just 0.0073% of Ashley Madison’s users were actually women — and that changes the fundamental nature of the site. Ashley Madison wasn’t selling the ability to have an affair for any sane definition of the word. It was selling the fantasy of having an affair. It might not be morality of cheating on one’s spouse that brings the house down, but the perils of false advertising.

Is total honesty a good thing for society?

One issue raised by privacy advocates in the wake of the Ashley Madison hack, and that’s certain to come up again now that we know the overwhelming majority of men were literally incapable of having an affair on Ashley Madison, is whether or not this type of total social disclosure is good for society. Technology allows unparalleled amounts of information to be vacuumed up, from license plate readers to invasive telemetry-gathering in Windows 10.

It’s easy to be distracted by moral superiority in the Ashley Madison case. Cheating on one’s spouse is frowned upon by the overwhelming majority of Us americans, including those in non-traditional relationships. Nevertheless, there are guaranteed to be people caught up in the hack that can now be accused of having explored having an affair who had no serious intent to do so. Journalists, researchers, people who created accounts out of curiosity, and those who might have created an account before actually getting married are all potential victims. Such individuals will only be a fraction of the millions of men who signed up on the site, but they exist — and determining who they are will cause a great deal of pain for all involved.

The bigger problem that this hack points out is that all of us have, at one time or another, flirted with doing something we knew we shouldn’t do. That could mean a beer at a strip club through a friend, an hour at a singles bar, or that time we flirted just a little too much through a friend or co-worker. Some of those accounts on Ashley Madison were almost certainly created during times of extreme stress in a relationship when one or both parties were looking for resolutions, considered cheating, and moved away thereafter.

All of us have said things out loud and then been glad no one else heard them. All of us have done things we aren’t proud of. The privacy invasions inherent to so much of modern technology allow for a devastating compilation of these moments in the wrong hands, and could be used to expose huge amounts of personal, embarrassing information about people who have committed no crimes and taken no significant action. Sooner or later, hackers will penetrate one of the huge data clearing houses like Acxiom, or even Microsoft or Google. No one’s security is perfect forever. The ability to track people’s physical location or online activities does not guarantee that such information will undoubtedly be used wisely or prudently.

I have no sympathy for Ashley Madison users who signed up for service that promised the ability to cheat on one’s spouse, and I suspect few people do. The fact that what these people did was reprehensible, however, shouldn’t be used as a reason to dodge the larger issues that surround the hack itself. Do we want to live in a world where our every action are subjected to global scrutiny if a third-party company doesn’t perform its due diligence?

You may possibly remember that in July, anonymous hackers threatened to reveal stolen personal information of some 40 million users of the controversial dating website (Ashley Madison’s tagline: “Life is short. Have an affair.”) The hackers, who call themselves Impact Team, said they would post the stolen user data publicly unless Avid Life Media, Ashley Madison’s parent company, took the site and another,, permanently offline.

Avid Life Media did not take its sites offline, and on Tuesday, those hackers appeared to make good on their menace. Ars Technica reporters downloaded a 10-gigabyte file via BitTorrent that “appeared to contain a trove of details taken from a clandestine dating site.” The file contained personal e-mail addresses, profile descriptions, and addresses, as well as users’ weights and heights, Ars Technica reported.

“This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the in-patient members of, as well as any freethinking people who choose to engage in fully lawful online activities,” Avid Life Media said in a statement to Wired. “The criminal, or criminals, tangled up in this act have appointed themselves due to the fact moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We’re going to not sit idly by and allow these thieves to force their personal ideology on citizens across the world.”

Large number of government and military employees may have some explaining to do after their names turned up in user data stolen from marital affair concierge service Ashley Madison.

The website’s user data was hacked in July by a group called Impact Team, and that data was released on Aug. 18 when Ashley Madison parent company Avid Life Media failed to comply with the group’s demand to take down the site.

Among the 32 million users in the released list – which includes names, addresses, phone numbers, transaction details and email addresses (no credit card numbers) – are more than 15,000 registered military and government email address, The Hill reported


Privacy Violations Plague VA Facilities in MinnesotaAnonymous Threatens to Expose KKK-Associated Politicians

This is how the hackers introduced the release of data:

Twitter user @t0x0pg released the results of one database search that looked for .mil and .gov email addresses. The U.S. Army tops the government list, with 6,788 hits. Though the database contains many accounts with fake personal information, it seems unlikely that anyone would manufacture an email suffix like 

Of note, however is one British parliamentarian whose email address was included on the list — but said it had been stolen and used without her knowledge, Reuters reported.

The following is a variety of the top 10 most popular branches of government for infidelity, including the organization’s name, the email domain referenced by the search, the number of total members of that organization plus the number of hits found in the released Ashley Madison (AM) database.

  1. U.S. Army ( – 541,291 enlisted and officers, 6,788 AM users
  2. U.S. Navy ( – 317,237 enlisted and officers, 1,665 AM users
  3. U.S. Marine Corps ( — 195,338 enlisted and officers, 809 AM users
  4. More U.S. military ( — 206 AM users
  5. U.S. Air Force ( — 333,772 enlisted and officers, 127 AM users
  6. U.S. Department of Veterans Affairs ( — 312,841 employees, 104 AM users
  7. Federal Bureau of Prisons ( — 36,849 employees, 88 AM users
  8. State of Kentucky ( — 73 AM users
  9. U.S. Navy Medicine ( — 62 AM users
  10. More U.S. Army ( — 55 users

Though 7,000 may sound like lot of unfaithful U.S. Army soldiers, it’s only about 1 percent of the group. 

Why Kentucky email addresses rate so high on the list is ambiguous, and Kentucky Gov. Steve Beshear’s office did not respond to requests for comment by press time. 

Though not making the top 10, also notable on the list is, with 44 registered users.

Though the 9.7 gigabyte file was initially available by accessing a .onion address on the Dark Web, the data is now searchable online, and CNN Money has independently verified that at least one tool returns accurate results. The danger of being exposed, the news outlet reports, is very real.

The hacking incident involving the infidelity webpage Ashley Madison shows how perilous privacy expectations are in the digital age, leading one Washington Post writer to label the incident due to the fact “Pandora’s box” of Internet privacy cases.

“Amid the gloating on Tuesday night, a few people recognized the Ashley Madison leak as something much bigger than a chance to snicker: a turning point for American society, the Internet and maybe even marriage itself,” said Michael E. Miller, the foreign affairs reporter for the Post.

Miller and others are discussing the potentially big impact the scandal could have on the concept of Internet privacy and the current state of protections and safeguards for Internet users in the United States, and also Canada, where website is based.

For example, Miller points to an analysis from John Herman at The Awl that looks at how the publicly available hacked data has far-reaching impacts.

“If the data becomes as public and available as seems likely right now, we’re talking about tens of many people who will be publicly confronted with choices they thought they made in private (or, in some cases, didn’t: Ashley Madison does not validate all email addresses). The result won’t just be getting caught, it will be getting caught in an incredibly visible way that could conceivably follow victims around the Internet for years,” Herman said on The Awl webpage.

The incident could also spark a new debate in the U.S. about the controversial European legal concept of “the right to be forgotten,” which allows EU citizens to ask Google and other search providers remove links to unflattering stories about them from their search services.

In the United States, Internet users facing a potentially embarrassing situation have fewer options. Strictly, the Fourth Amendment pertains to the government’s desire to obtain your personal information; it doesn’t offer privacy protections in civil matters. In the case of Ashley Madison, the private web publisher now faces lawsuits over the hacks – if the people suing Ashley Madison would you like to risk facing more publicity.

In Canada, two lawyers filed a $578 million class-action lawsuit against the Toronto-based website’s parent company. A lawsuit seeking $5 million has-been filed in Missouri.

Ashley Madison’s parent company, Avid Life Media, is trying a unique tactic to limit access to the stolen databases online in the U.S., by pursuing take down requests under the Digital Millennium Copyright Act, or DMCA. The DMCA allows people and companies who claim to own a copyright to content to have that content removed from online if it is used without their permission. There is also a resolution process if there is a disagreement over ownership.

The websites Gizmodo and Politico have reported that Avid Life Media sent out DMCA takedown requests to web sites made the databases searchable, or showed images of the database content.

Technology journalist Joseph Cox provided one of the take down requests to Politico. “A spokesperson for Avid Life Media did not return requests for comment, but the firm told Twitter that Cox’s tweets should be taken down because ‘Avid owns all intellectual property in the data,’ according to the takedown request provided to POLITICO by Cox,” the website reported.

Some experts were skeptical that Avid could claim the databases were subject to copyright protections. “Ashley Madison is using the DMCA in a way that it was never designed to be used in order to suppress reporting on the issue,” Andy Sellars from Harvard Law told Gizmodo.

As of Friday, the Washington Post and other media outlets had stories with links to two active Ashley Madison databases. Even the reporting of the existence of the databases has led to controversy over journalism and ethics, since Ashley Madison didn’t use a process to verify email addresses linked to accounts.

Some media outlets reported names in the Ashley Madison database, while other didn’t. Harvard’s Sellers told that traditional journalism outlets were walking a fine line in how they reported the story.

“You’re walking them to the line and you’re doing so knowing that there are these services out there allowing them to search the database,” Sellars said. “How much are you actually protecting identity here if you’re giving them all but the name?”

But as’s Matthew Ingram pointed out, the Ashley Madison story is one being defined beyond traditional media.

“Ultimately, it may not even matter what choices mainstream media outlets make about what is newsworthy and what isn’t. In an age of ubiquitous publishing platforms like Twitter and Facebook, and undoubtedly web pages like Reddit and 4chan, anyone with a computer or a phone and an Internet connection is effectively a member of the media, whether they admit it or not,” Ingram wrote.


, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Comments are closed.