Ashley Madison Data Breach

April 2017 update:

HGD is NO LONGER taking any new clients for the Ashley Madison lawsuit. 





Extramarital site Ashley Madison and its parent company Avid Life Media were hacked which has affected the 37 million site users. Hackers have made public the private information of millions of users of Ashley Madison, which promotes itself as the go-to website for infidelity. Its motto: “Life is short. Have an affair.”

The hackers behind the breach, who call themselves The Impact Team, first released snippets of the data back in July.The Impact Team has also released financial information about the company that runs it, Avid Life Media, and the emails of its CEO, Noel Biderman’s.

Ashley Madison Timeline InfogiraphicThe hack was revealed by security expert Brian Krebs in a blog post on July 19. Hackers calling themselves the “Impact Team” say they will release sensitive data if the site is not shut down. Avid Life Media says on July 20 it is working with law enforcement in the United States and in Canada, where the company is based. “The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.”

The first data dump was discovered on August 18. The hackers posted the names, partial credit card numbers, email and physical addresses, and sexual preferences of 32 million customers on the so-called Dark Web, meaning they are public but hard to find for ordinary Internet users. The stolen database of people who used Ashley Madison made its way to the Web on August 19, making it easily searchable on several websites. The data in zipped format was about 9.7 GB and was initially shared to Pastebin (removed) and Onion, which is only accessible through the dark web Tor browser. Of the supposed 40 million users, the data includes nearly 32 million users spanning back to 2009 or 2007. Although many users did not use their actual names or addresses, some credit card information will link the two together. Others have used pre-paid credit cards and false identities to avoid possible detection. The site also did not conduct email verification, meaning unpaid accounts could be falsified.

Information containing Biderman’s emails was released on August 20, but the file became corrupted so it can’t be fully accessed by the public. The hackers released their third batch of stolen information on August 21, fixing a file containing Avid Life Media CEO Noel Biderman’s emails that had been corrupted.

back to top


Our Ashley Madison lawyers believe that the company failed to heed its own employees’ warnings about the vulnerability of customers’ data. In the Avid Life Media lawsuit filed by our firm, we report that an unnamed employee at Ashley Madison listed for the site “technical issues that could lead to a data breach occurring, as well the legal problems that may come with that.”

In an internal company document called “Areas of concern – customer data.docx,” the lawsuit claims one employee noted that user data was exposed to phishing or SQL injection — two common methods used to steal user data.

“Another employee worried about remote code execution — when an attacker can run code on a victims computer over the internet — and yet another employee pointed to employees being infected with malware, ‘allowing hackers access to our user data,’” the Ashley Madison lawsuit noted.

According to our Ashley Madison lawyers, Avid Life Media didn’t abide by the security and payment processing industry’s standards for holding user data.

In 2012, Ashley Madison’s CTO, Raja Bhatia, admitted in an internal email that the site had security risks.

“There will be an eventual security crisis amongst one of your properties and the media will leap on it as they always do,” he reportedly wrote in an email, which was fittingly revealed as part of the hack.

back to top


Discreet_ALMThe company behind the website, Avid Life Media, knew it couldn’t protect user data. That’s why, in the fine print, Ashley Madison says, “We cannot ensure the security or privacy of information you provide through the Internet.” Compare that to the lofty promise it makes on the website front door for “100% discreet service.”

In an interview with Motherboard, the hackers say that Ashley Madison had “no security” and that they aren’t done yet.

The hackers also found evidence that the “full delete” service did not work. “Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote in their manifesto. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

back to top


The data released in August of 2015 may include some (if not all) of the following:

  • Creation date and last updated date, down to the second
  • Account type and membership status (listed as a 0, 1, 2, or 3)
  • First and last name (at least, the one given) and nickname
  • Listed street address, including city, state, zip code, and in some cases even the latitude and longitude lines
  • Up to three phone numbers, including work and mobile (if provided)
  • Gender (approximately 27 million male-identified and 4.4 million female-identified accounts, which is about a 6-to-1 ratio with 2 million undetermined)
  • Date of birth
  • Profile caption (examples include “No Games Please.” and “I May Be Spoken 4 But I Speak 4 Myself”)
  • Weight and height, the latter of which seems to be listed in centimeters
  • Certain attributes — ethnicity, body type, whether you drink or smoke, what you’re initially seeking, and what you’re relationship status is — are listed as just a number instead of a full text value. There’s no key provided, but certain numbers can be discerned in context (e.g. ethnicity “1” seems to be white, while “3” is Asian)
  • What you’re open to, what you’re looking for, and what turns you on — all listed as an array of numbers (presumably corresponding to a menu of options), a self-submitted description, or a combination of the two
  • Security questions (listed as a number; for example “2” might represent what high school you went to) and answers (in text)

back to top


Military Personnel

Emails and other private information of some 15,000 U.S. government accounts were exposed. Among them: Multiple Department of Justice lawyers and an IT specialist for the Department of Homeland Security who used personal email accounts but accessed government computer servers. The government accounts include some with .mil emails. Adultery is against the Code of Conduct for members of the U.S. armed forces. But under military rules, service members found guilty of philandering can be punished by a year of confinement. They’re also subject to a dishonorable discharge, which would mean losing their pension. Defense Secretary Ash Carter said on August 20 that the Pentagon is investigating.

Potential Job Loss

Certain employers will react negatively to the knowledge that their employees were using the site, and people could lose their jobs as a result. Government employees who could become subject to blackmail; schoolteachers in more conservative districts; elected officials; CEOs — all of these could face professional consequences, along with anyone else who has a morals clause in their employment contract. And the results could follow them — expect this data to become included as a part of pre-employment background checks for years to come.

Spammers and Blackmail

Spammers try to extort people whose information was made public. One group, for example, sends emails to Ashley Madison users demanding one bitcoin (around $225) to prevent information from being shared.

Personal Lives Destroyed

The worst impact of the Ashley Madison breach will surely be personal: while incredibly common, cheating also upends people’s lives and can lead to personal and professional ruin.

Several people directly affected by the data breach tell CNNMoney the stolen documents contain information that will be used in divorce proceedings. Exposed customers are concerned about getting fired from their jobs.

Avid Life Media, which owns the Ashley Madison website, tried to stop the spread of the leaked data. It issued copyright takedown notices to multiple sites that hosted or linked to stolen information, including Twitter.

back to top


Talk to your spouse and don’t lie

Tell your spouse why you were on the site. The evidence is already in the open, don’t hide it.

Think about your exposure

Next, think about who else might be looking for you and how you should handle the situation. For example, does your job have a morality clause, which could lead to you being fired? If you do community service work or volunteer with your church, would an association with Ashley Madison affect your membership?

Be prepared to explain your situation, and again, be upfront about everything.

Ignore blackmailers and check privacy settings

Blackmailers can match your email address to your Facebook or LinkedIn account. They can threaten to share your ties to Ashley Madison with people you know, but experts say these extortionists have nothing of value that’s not already in the public domain and you can safely ignore it.

Adjust your privacy settings on your social networks so that people can’t identify your friends and family or share any of your personal information with them.

Consider using a new email address

If you used your real email address on the site, you should consider getting a new one if you’re applying for a job — or going on dates. Doing so may help you limit the risk of a background check that could dig up your Ashley Madison information.

Be wary of online scams

You might be lured by links to malware that advertises itself as the stolen database — so don’t click.

Accept the fact that the data is out there

Focus on damage control now because there’s no way this data will ever be removed from the web.

Contact an Ashley Madison Class Action lawyer

Lawsuits against Ashley Madison have already been filed. An Ashley Madison lawyer can tell if you are eligible for financial compensation. Please contactus for a free confidential consultation.

back to top


Ashley Madison is potentially facing multi-million dollar class action lawsuits after a data breach released the personal information of its 37 million users. The Ashley Madison class action lawsuits are alleging that the defendants could have prevented the massive data breach by using reasonable precautions. The data hack class action lawsuit states that this could have been avoided by Ashley Madison “encrypting the data entrusted to it by its users on a database level so that any information hacked and downloaded appeared in the encrypted format.”

The Ashley Madison class action lawsuit is seeking compensatory and punitive damages for future Class Members who had their highly-sensitive personal, financial and identifying information released due to the hack.

Heninger Garrison Davis filed an Ashley Madison data hack class action lawsuit in Texas seeking financial compensation for potential Class Members who paid the $19 to have their information permanently deleted only to find that the defendant “broke such promise.”

Our client alleges that Ashley Madison violated the federal Stored Communications Act which states that “a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.”

We are seeking compensation for the emotional distress as well as the financial loss allegedly caused by the data hack.

back to top


Heninger Garrison Davis LLC is currently accepting Ashley Madison class action cases in all 50 states. If you or somebody you know was affected by the Ashley Madison data release, you should contact our lawyers immediately for a free case consultation.

back to top

Dura-Touch® Coating. Browning Class Action Claim Resolution Process. CLICK HERE »