You don’t necessarily need a hacker to find out if your partner—or anyone else—is using Ashley Madison, the cheating website that recently suffered a massive data breach that exposed data for 37 million users.
The trick, reported on by security researcher Troy Hunt, is simple enough that anyone can do it.
Hunt scouted out Ashley Madison’s password reset form to see if the site gave away any information on members’ email addresses. Ashley Madison actually handles this form well—at least it seems so initially.
When you enter a bad email address, the notice doesn’t give away whether or not the email address exists in Ashley Madison’s database. An email will be dispatched, the site tells the user, “if” the address does exist.
The problem comes when you enter a good email address, which is exactly what someone might do if they’re checking on a spouse, co-worker, or boss.
The difference is subtle at first but big enough to give away the whole game. The text box is removed when you enter an email address in Ashley Madison’s database.
All of a sudden, your membership is no longer a secret, and it took no clever hacker, only one big mistake by the company’s developers.
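The flaw described above, reduced to an added example (not Ashley Madison’s code): a reset page that drops its text box for a known address, a version that returns one body for every input, and a regression check a developer can keep in a test suite. The member set, markup and function names are constructed for illustration.

```python
# Constructed sample data: stands in for the site's member table.
MEMBERS = {"member@example.com"}

NOTICE = ("<p>If that email address exists in our database, "
          "you will receive an email shortly.</p>")
FORM = ('<form method="post"><input type="email" name="email">'
        "<button>Send</button></form>")


def reset_page_leaky(email: str) -> str:
    """Same notice either way, but the text box disappears for a member."""
    if email.strip().lower() in MEMBERS:
        return NOTICE            # form omitted: this is the tell
    return NOTICE + FORM


def reset_page_uniform(email: str, outbox: list) -> str:
    """Identical body for every input; only the queued mail differs."""
    address = email.strip().lower()
    if address in MEMBERS:
        # Queue the mail instead of sending inline, so the page is not
        # slower for members than for non-members.
        outbox.append(address)
    return NOTICE + FORM


def leaks_membership(render, known: str, unknown: str) -> bool:
    """Regression check: True if the page differs between the two inputs."""
    return render(known) != render(unknown)


if __name__ == "__main__":
    outbox = []
    print("leaky handler leaks:",
          leaks_membership(reset_page_leaky,
                           "member@example.com", "nobody@example.com"))
    print("uniform handler leaks:",
          leaks_membership(lambda e: reset_page_uniform(e, outbox),
                           "member@example.com", "nobody@example.com"))
```

Body equality is only one channel: the status code, headers and response time need the same treatment before the form stops giving members away.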
Being discovered on Ashley Madison could be a huge deal. A spouse might end a relationship over infidelity, blackmailing or public shaming might occur, and you might even serve a few years in jail if you find yourself in the wrong jurisdiction.
All websites can be hacked. If you’re in a position where a data breach or even a simple design mistake like this would negatively impact you or put you in danger, the answer is to manage separate identities as best you can.
At the very least, using untraceable email addresses is a solid first step. Fake names and even cryptocurrency can further cover your tracks, whether you’re using Ashley Madison and are afraid of being caught or are a citizen journalist staying anonymous.
Anonymity takes work. If you don’t put that work in, a simple little mistake like this can be your undoing.
H/T Motherboard | Illustration by Fernando Alfonoso III