Here’s Who’s Been Fingered in the Ashley Madison Hack

Things are getting pretty ugly.

Since hackers Impact Team began releasing massive amounts of data siphoned from there has been a rising tide of shame and schadenfreude. Suspicious spouses and curious journalists are plugging email addresses and other data into sites that crawl the data dump. Here’s a look at who’s losing (and gaining) from what’s being called a “wake up call” on security and privacy for the digital age.

A ton of public employees used the service. Of the nearly 40 million compromised accounts, the Associated Press found a decent number of federal employees. The government workers “included at least two assistant U.S. attorneys,” the AP reports, as well as “an information technology administrator in the Executive Office of the President; a division chief, an investigator and a trial attorney in the Justice Department; a government hacker at the Homeland Security Department and another DHS employee who indicated he worked on a U.S. counterterrorism response team.”

The AP also traced accounts to the Department of Defense, which presents another issue entirely as the Uniform Code of Military Justice tends to consider adultery a crime. Defense Secretary Ash Carter told the A.P. that “The services are looking into it and as well they should be.”

What about any notable people who now look like hypocrites? Well, there was former reality star and lobbyist Josh Duggar. Duggar, oldest son of the conservative Christian clan famously featured in TLC’s 19 Kids and Counting, had already weathered one scandal regarding the molestation of several underage girls, including two of his own sisters. Confronted with the Ashley Madison data, he issued a public apology in which he said he had been “the biggest hypocrite ever” and seemed to connect his interest in a cheating site with “a secret addiction” to porn (the New Yorker‘s report about Duggar notes his first statement was edited to cut the reference to porn, taken offline and then published again).

Duggar was just the first name whose image seemed at odds with membership on a website devoted to adultery. Sam Rader,  half of a couple who have produced personal and religiously-themed viral videos, also admitted he’d joined the site when confronted with his data. But in his video admission he said had “never had an affair with anybody” while married and his “account was opened out of pure fleshly desire and just simple curiosity.”

What about that expected deluge of divorces? One of the first drops in the coming storm of enraged spouses came when a woman contacted a British law firm shortly after the data became available. Her attorney, Nigel Shepherd, spoke to the Daily Mail and said, “If someone finds out if their partner is set up on a site which exists wholly for facilitating adultery, it’s hardly surprising they are taking advice about it.”

The Mail reported that if Barrister Shepherd’s client takes it all the way, hers would be the United Kingdom’s first Ashley Madison-related divorce. Some who find the last name they wanted to see in the Ashley Madison data aren’t taking it straight to court yet — the Mail also reported calls to couples counseling services spiked soon after the hacked data went public.

How about anyone I know? With almost 40 million people’s personal data caught up in the , chances are you at least know someone who knows someone who could be embarrassed by that one time they just wanted to, you know, check things out. Or some cheaters. Either way!

What else could go wrong? Cyber security expert Brian Krebs reports the hack  has already sparked extortion attempts. Krebs writes that “extortionists already see easy pickings” in the Ashley Madison data and other security experts tell him that the cons “are likely to increase in number, sophistication and targeting.” There is also a danger cyber attackers could use the lure of exposing a cheater to pull even more complicated attacks on other systems through deploying malware or spyware.

Okay, how bad can it get? Pretty bad. A few email addresses attached to San Antonio, Texas city employees turned up in the data. On Thursday one of those employees committed suicide, though the San Antonio Express-News was careful to state “it wasn’t clear Friday whether his death had anything to do with the leak.”

Now what? The fallout from the hack seems likely to continue for months, even years to come. Meanwhile a basic form of situational awareness still applies for anyone concerned an Ashley Madison account might come around to bite them in the ass — change passwords, even phone numbers if necessary, consider credit monitoring and up-to-date virus protection. 

If there is reassurance to be had, it’s that Impact Team grabbed so much information and uploaded it in a form that takes a little technical know-how to parse. Also, of the millions of compromised accounts, many will contain outdated or unusable details.

It doesn’t pay to sit on pins and needles if you fear this historic breach will affect you. But if you think your personal data’s been compromised, do yourself a favor: take your security seriously and think twice before you sign up on some seedy site.

Photos by Gallo Images/Getty images