ABSTRACT
On July 15, 2015, a group calling itself "The Impact Team" stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group copied personal information about the site's user base and threatened to release users' names and personally identifying information if Ashley Madison was not immediately shut down. On August 18 and 20, the group leaked more than 25 gigabytes of company data, including user details. Because of the site's policy of not deleting users' personal information—including real names, home addresses, search history, and credit card transaction records—many users feared being publicly shamed. The Ashley Madison breach included usernames, first and last names, and hashed passwords for 33 million accounts, as well as partial credit card data, street names, and phone numbers for a huge number of users. There were also records documenting 9.6 million transactions and 36 million e-mail addresses.
