No one was more shocked at finding their name among the 32 million Ashley Madison subscribers than one Penn professor.
The Aug. 18 hack released 9.7 gigabytes of private user data, including names, email addresses and credit card information. There 104 subscribers with upenn.edu email addresses. Out of the 15 Ashley Madison subscribers interviewed by the Daily Pennsylvanian, more than half said they were hacked and didn't sign up for an account themselves.
“Every day, I get a scam message notification,” said the professor, a scholar of women’s health.
He never signed up for Ashley Madison and believes his email was acquired when a virus struck his computer earlier this year. During that virus, he later said, his information must have been used to register for an account.
The professor’s research on women’s health, he claims, tends to make his computer more susceptible to malware and fake links.
After making a Google search about female anatomy, “I was getting all kinds of pornographic emails,” he said. The emails were most likely from other Ashley Madison subscribers who often solicit other users. He visited an IT official at Penn who identified the virus and cleared it from his system, but was still not aware the emails might be connected to the adultery website.
He only found out when he was contacted by The Daily Pennsylvanian.
“It makes you wonder how much that’s going on [the Internet] that we’re not aware of,” he said.
In an analysis of the 104 upenn.edu emails registered on the Ashley Madison website, the DP was only able to verify that 36 of them were functional and connected to real people. The website doesn’t require email verification, meaning a user can subscribe with someone else’s email or a fake one.
An alumnus whose email was registered with the website also felt alarmed by the news. He never registered for the site, but believes it may have been linked to an identity theft from last year.
“I had some issues with ID theft — I had some money taken,” he said. After learning that his email was registered with Ashley Madison, he called his credit card company, who said he had not been charged for the site.
Like the other users contacted for this article, he asked for his name to not be used because of the public shame associated with being linked to the infidelity website.
The Ashley Madison data breach has caused panic overseas, especially in countries where adultery is against the law. The BBC reported that in Saudi Arabia — where adultery can earn someone the death penalty — 1,200 email accounts were registered with Ashley Madison. According to the New York Post, two suicides have been linked to the Ashley Madison leak in Canada.
While the professor and alumnus were not contacted by anyone after the hack, other subscribers received threats that their registration status would be made public unless they paid money.
One current Penn student received an anonymous threat after the Aug. 18 hack, demanding Bitcoin — a form of online currency — in exchange for the blackmailer not contacting the user’s friends and family. The user ultimately chose not to pay, and has not heard back from the blackmailer.
Rick Romero, the founder of a free email provider called VFEmail, found evidence of spammers using his service to send threats similar to the one described by the current student, according to a report by Krebs on Security, an information technology blog.
While Romero’s filter stopped many of the threats from being sent, he estimated to CNNMoney that around 500 were issued before the filter was activated.
Four other Penn-affiliated users admitted to legitimately registering for the website, but either deleted or abandoned their account shortly after. Their data remained in Ashley Madison’s database, despite the company’s assurance that users could delete their personal data for $19. Impact Team, the hacker collective allegedly responsible for the leak, released the data to expose Ashley Madison’s collection of ex-subscribers’ information, according to Zero Day, a technology blog.
"These days, [hacks] happen all the time," the women's health professor said. "It’s like a race for IT people to keep up with the people that have been hacked. I’m always curious how the hackers benefit from this."
Please note All comments are eligible for publication in The Daily Pennsylvanian.