Modern field guide to security and privacy

Ashley Madison breach a painful reminder of online data's permanence

The apparent perpetrator behind the Ashley Madison leak claimed the attack was over the company's treatment of sensitive user data. But experts say that data shared with Web companies rarely ever goes away.

Chris Helgren/Reuters
An logo seen at the entry to its parent company's office in Toronto.

The Ashley Madison breach is undoubtedly alarming to the millions of people who used the site that encouraged extramarital affairs – especially to any customers who paid to have their data scrubbed from the site.

If you believe the apparent attackers – the individual or group calling itself the Impact Team – Ashley Madison retained customers' names and addresses even after they paid $19 for a "full delete" of their details. After the Impact Team posted some Ashley Madison user info online earlier this week, the company defended its practices and said it "does in fact remove all information related to a member’s profile and communications activity."

Regardless of who is right in this case, the Ashley Madison breach highlights a stark reality when it comes to controlling personal information shared online: Truly deleting it takes more effort than dragging a file to a virtual trash can.

"You don’t have any good way to ever ensure that that data is gone," said Doug White, a digital forensics expert who also teaches at Roger Williams University. 

Auditing a site’s deletion claims can be nearly impossible, Mr. White and other experts said. Even if the site says it will delete user data, there is no sure way for customers to check if the data is permanently gone.

Furthermore, requesting a complete data scrub can be complicated for customers. As Ars Technica noted in an article last year, many users found that the process to delete their profiles and information on Ashley Madison was complicated and confusing. The "full delete" service offered by the site includes erasure of a user’s profile, private messages, profile, site history, photos, and other personally identifiable information. 

But even when users request that data be removed from websites, companies have little incentive to actually erase it, said Andrew Sudbury, cofounder of the online privacy company Abine. He said full deletion of user data is not a common practice among Web companies because it has become so easy to store lots of information in cloud servers and there's little legal pressure for full data deletion. Plus, he said, customer data is a goldmine for companies that can analyze and sell it for additional revenue. 

Full data deletion is also a labor intensive process. For instance, a site such as Ashley Madison would need to remove the information from every server the data exists on, including backup servers. This can be complicated if the company does not keep a thorough inventory of the kinds of information stored and where it is housed. Even after the information is "deleted" from a server, to truly ensure it is erased will mean writing over the data.

One way to aid data deletion is encryption, said Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation. If a user’s data is encrypted with a single key, destroying the key associated with an account is easier than finding and wiping each place the customer's data exists. That way, the information remains encrypted, but the key to decrypt the information is gone. The key will similarly need to be deleted and overwritten for it to be erased.

The Ashley Madison breach is "also a good case of, ‘Don't retain more data than you need,' " Hoffman-Andrews wrote in an e-mail. He recommends that all companies that store personal data audit their systems often to make sure everything they think they are deleting is actually being erased.

When it comes to data deletion, Ashley Madison may not be as bad as many other so-called dating sites, according to the EFF. In its 2012 ranking of dating sites based on their security and privacy practices, Ashley Madison was among the 3 out of 8 sites ranked that earned high marks for data deletion practices.

Even on personal computers, deleting data takes a more effort than dragging a file to the trash, emptying it, and calling it a day. Users must go a step further to eradicate the file. While the you can’t see the file anymore, White, who also teaches at Roger Williams University said, the information can still exist on the hard drive.

"Someone with piece of forensic software can find it and theoretically recover it depending on how many times you’ve written things to the disc, how many pieces of information have been stored now since it was deleted,” he said.

To ensure the file is destroyed, specialized software must be used to find the physical location of the information on the hard drive and write over it with new information at least once. According to White, more security conscious users might write over the file hundreds or even thousands of times.

When it comes to giving out personal information to any websites, experts urge consumers exercise caution. White recommends supplying a website with a fake name and address if possible, and have a credit card that is only used for more trusted sites.


You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Ashley Madison breach a painful reminder of online data's permanence
Read this article in
QR Code to Subscription page
Start your subscription today