Ashley Madison was pitched as a safe haven for infidelity, a confidential platform for connecting wandering spouses with new partners — until a hack exposed the darkest secrets of millions of users.
In 2015, hackers released the data of 36 million Ashley Madison users across 46 countries, including people’s names, phone numbers, addresses, credit card numbers, and even information about their sexual preferences, The New York Times reported at the time.
The leak outed swarms of high-profile users from reality stars to clergy. The fallout led to a slew of divorces and reports of suicide.
Eight years after the hack, no one has been charged in connection to the data breach.
RELATED: T-Mobile Data Breach Affects 37 Million Customers
Hulu is set to unpack the drama in a new mini-series titled “The Ashley Madison Affair” premiering on July 7.
Keep scrolling for everything you need to know about the infamous Ashley Madison hack.
What Is Ashley Madison?
The website Ashleymadison.com was founded in 2001 by former sports lawyer Noel Biderman.
The social media platform connected users looking for extramarital affairs and profited off the fees, which also included a $20 charge to delete users’ private information as an extra layer of protection.
Prior to the hack in May 2015, Biderman told the BBC that he started the website to normalize infidelity. At the time, he was on a mission to take his company public (which didn’t end up happening) after allegedly generating $150 million in revenue from subscriptions to the site the year prior.
RELATED: Marriott Just Got Hit By Another Data Breach—For At Least the 7th Time Since 2010
Prior to generating millions in revenue, Ashley Madison rose in recognition for its aggressive marketing efforts, according to Vox. In 2009, the website caused a stir for trying to buy a Super Bowl ad. Although it was rejected, the ad went viral on YouTube.
At the time of the hack, Ashleymadison.com was owned by Canada-based parent company Avid Life Media, which acquired Ashley Madison in 2007. That year, Biderman was appointed president and CEO of Avid Life. The parent company also owned several other websites that allowed people to indulge in fantasies.
What Happened When Ashley Madison Was Hacked?
On July 19, 2015, a hacking group called the “Impact Team” released a statement explaining they had hacked Ashley Madison and retrieved millions of pieces of confidential information. The group threatened to publish the data if the website was not deleted in 30 days.
The news was first reported by technology journalist Brian Krebs on his website Krebsonsecurity.com. According to the statement, which Krebs obtained, the hackers said that Ashley Madison “profits on the pain of others” and shared alleged company secrets, including that the “Full Delete” feature, which was supposed to scrub a users history on the website for a fee, was not doing what it promised.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group said. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is, of course, the most important information the users want removed.”
RELATED: I’m a Business News Editor, and Even I Fell Victim to an Online Scam That Cost Me $300
If Ashley Madison didn’t comply with the hacker’s demands, they threatened to release “all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”
After no movement from Ashley Madison, the hackers went ahead and published 9.7 gigabytes of data from 36 million users on the dark web on August 18, 2015.
The hack released personal information and credit card history, including 15,000 government email addresses, Wired reported at the time. Additionally, the hackers alleged that the connections made on the website were fake and the work of bots.
“We have explained the fraud, deceit, and stupidity of ALM and their members,” the hackers said, per Wired. “Now everyone gets to see their data…. Keep in mind the site is a scam with thousands of fake female profiles. See Ashley Madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.”
Avid Life Media denounced the hackers in a statement after the attack and proceeded to cooperate with police. Despite offering a $500,000 reward in Canadian currency (equal to $380,000 U.S. at the time), no one has been charged in connection to the hack to this day.
RELATED: A Retired Teacher and Her Daughter Were Scammed Out of $200,000 Over Email: ‘I’m 69 Years Old and Now I’m Broke and Homeless’
Who Was on the Ashley Madison List and What Celebrities Were Called Out?
When people’s names were revealed, news outlets struggled with the ethics of reporting who exactly was on the list. However, The Guardian reported that politicians, priests, military members, civil servants, and celebrities were among the hundreds of public figures named for having Ashley Madison members.
The aftermath of the hack cost lives.
Two people died by suicide after being outed for their participation on the platform, Reuters reported at the time. Additionally, CNN reported that a pastor and professor at New Orleans Baptist Theological Seminary, John Gibson, took his life after he was exposed on the website. He was 56 years old.
Josh Duggar, whose greatly religious family was known for their hit TLC show “19 Kids and Counting,” was called out for paying nearly $1,000 for two Ashley Madison accounts from 2013 to 2015. He married his wife Anna in 2008.
“I have been the biggest hypocrite ever. While espousing faith and family values, I have secretly over the last several years been viewing pornography on the internet and this became a secret addiction and I became unfaithful to my wife,” he said in a statement at the time, according to the International Business Times.
Despite his infidelity and later his child pornography prison sentence, he and Anna are still married.
RELATED: Avoid Falling Victim to a Remote Job Scam With These Expert Tips
Other notable names exposed in the hack were Christian blogger Sam Rader, Casey Anthony prosecutor and Florida state attorney Jeff Ashton, and Josh Taekman, husband to former Real Housewives of New York star Kristen Taekman.
“I signed up for the site foolishly and ignorantly with a group of friends and I deeply apologize for any embarrassment of pain I have brought to my wife and family,” Taekman said in a statement at the time. “We both look forward to moving past this and getting on with our lives.” The Taekmans are still married.
Founder Noel Biderman wasn’t safe from the hack, either. The leak included three years of stolen emails from Biderman exposing his extramarital affairs. He had previously denied participating in his own website, Krebs on Security reported.
He resigned from his position as CEO in August 2015.
Where Is Ashley Madison Now?
In the months and years following the attack, many of those exposed have been the target of extortion emails. In some cases, the emails revealed personal information and demanded $1,000 in Bitcoin as ransom, according to Forbes.
After Biderman resigned as CEO, he was replaced by Rob Segal as CEO and James Millership as president in April 2016, per The New York Times. They later changed the name of the parent company Avid Life Media to Ruby Corp.
Together they ramped up damage control, including highering outside help to secure their website from future attacks and publicly stating their no-bot policy.
Additionally, they were investigated by the FTC and hit with a slew of lawsuits. In December 2016, the FTC found that Ashley Madison deceived its customers and failed to protect its users, a press release stated at the time. They were ordered to pay a $1.6 million settlement.
RELATED: A Scammer Posing as Elon Musk Tricked a Florida Principal into Sending $100K in School Funds: ‘I Fell for a Scam’
In July 2017, Ruby Corp agreed to pay an $11.2 million settlement following a class action lawsuit on behalf of the 36 million users, according to Reuters.
However, the hack didn’t hurt Ashley Madison’s numbers. In 2016 the website had 45 million subscribers and brought in $80 million in revenue, per NYT.
In 2017, Paul Keable stepped up as Ruby Corp CEO, which he still holds today. He said that the website reached 65 million subscribers in 2019 during a March 2020 interview with Venture Beat. Additionally, he said the website received 17,000 new subscribers a day during the throws of the COVID-19 pandemic.