Pre-Employ Blog

How to Search the Ashley Madison Database Leak ( HR Beware )

Posted by Bob Mather on August 22, 2015

As a Private investigator and CEO of one of the nation’s largest background screening companies, I have recently been contacted by individuals wanting to search the Ashley Madison ( AM)  Database leak. many are worried that the AM data leak will affect employment decisions in their company.

Strangely, few I have spoken to seem to need advice on how to handle the personal angst of a spouse finding their information in the data leak or how to handle a situation where their partner is found in the data leak. But I have had variations of the following questions asked repeatedly

  • How can I search the leaked database? (See below for search options)  
  • I am an employer, what if my employees are in the leak? 

LIke this story? 

Subscribe to our Blog HERE!

Before we answer the questions it’s important to understand the facts behind this data hack leak:

:ashleymadison-580x370

 

What is Ashley Madison?

Ashleymadison.com  is a Canadian-based online dating service that launched in 2001.  It is owned by a company called Avid Life Media. (AVM) It’s marketed towards people who are “married or in a committed relationship.” According to the website, they have 32 million members in 46 countries with someone new joining every 6 seconds. AVM owns other sites like Cougarlife.com and establishedmen.com.

 Were More Than just Emails Leaked?

Yes, besides email addresses, the AVM hack  leaked maps of internal company servers, employee network account information, company bank account data and salary information were stolen and released.

 

Like this story and others? Subscribe to our blog here:  

 

Who Did This and Why?

A group of hackers calling themselves “The Impact Team” hacked and released the data.They claimed  that a fake profile lawsuit and the lie to users that paid $20 so that their profile would be removed angered them. In the release post  below, they state “It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it.

 

Reddit_impact_team

 

 In the fake profile lawsuit mentioned by “the impact team”, Doriana Silva of Toronto claims she was paid $34,000 a year to write fake female profiles for AVM and sued for $20 million dollars.

 

The "lie" of a permanent delete service mentioned was addressed specifically by “the Impact Team”:

“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

impactteam-580x657

 

I am an Employer. What if my employees are in this leak?

Many legal professionals are scratching their heads when asked this question. Public employers as well as private employers have much to consider.

Proving that an employee violated company policy may be trickier than you think. Their appearance doesn’t necessarily mean that the individual ever visited the site or signed up. If they did sign up, it is conceivable they signed up from home and never accessed the site at work. Each company needs to discuss this with their legal teams and review their company policy.

The website DCist pointed out, the leaked records list 15,019 accounts using an email address belonging to domains used by the US government or the military. Some 6,788 accounts used us.army.mil emails, while the Navy and the Marines accounted for 1,665 and 809, respectively. An unverified complete list of government addresses found by count is listed here: http://pastebin.com/U4QQEaBE

 Bank of America is one private employer that have had employees outed as using their work emails and being on the ashleymadison.com data hack release.2B81FE7000000578-0-image-a-3_1440077526383

  

And although there are many questions to ask yourself as an employer, it really boils down to these:

Did the employee violate a company policy? (Use of corporate email for personal, your internet policy, Social Media Policy Etc.)

Proving that an employee violated company policy may be trickier than you think. Their appearance doesn’t necessarily mean that the individual ever visited the site or signed up. If they did sign up, it is conceivable they signed up from home and never accessed the site at work. Each company needs to discuss this with their legal teams and review their company policy.

In a article posted on TimesFeeePress.com Public employers like the Tennessee Valley Authority (TVA) were quick to publicly address the potential employee disciplinary action. TVA spokesman Jim Hopson said Thursday the authority has "very clear policies about the appropriate use of government computers and government email servers." Surfing a cheating website is outside of those rules, he said.

Employees are even reminded of that policy every time they boot their computers, he said.

"Obviously our cybersecurity personnel are looking into this to see if any further action is required," Hopson said. TVA is cross-referencing the data with its own cybersecurity logs to determine what activity was actually done on TVA servers.

Private employers who choose to address these issues will need to look at their polices also.

Many private employer policies have statements similar to the City of Chattanooga that employees sign upon hire:  "Game playing or other trivial applications that interfere with work" and using the Internet for "surfing," displaying "obscene, lewd, sexually explicit" images or other activities supervisors find inappropriate. Employees are not allowed to use computers for or emails for "illegal, immoral, pornographic or other unbecoming purposes.

Is this violation “cause” for termination or disciplinary action?

In the case an employee’s company email is found in the data leak, most legal professionals I have spoken with have advised to make sure that “the punishment fits the crime” 

Is this a policy decision or an emotional decision? Is there a Union involved? Is this position really a “At Will” Position and more.

Each incident needs to be investigated separately and thoroughly in combination with your current company policy / procedures handbook. 

What if I don’t have an internet/email/computer usage policy?

There is no substitute for speaking with your attorney. If you do not have a policy in place, you should immediately consider doing so. The Society of Human Resource Managers offers a free sample template. Review it with a professional and decide if this or other policies need to be put in place. You are encouraged to review the compete SHRM Sample Policies that include:

  • Appropriate Use of Telephone Policy
  • Cell phone Use Policy
  • Company Cell Phone Policy
  • Computer Passwords
  • Computer, Email and Internet Usage
  • Electronic Communication Device Policy #3
  • Electronic Devices: Bring Your Own Device (BYOD) Policy
  • Electronic Devices: Cellphone/Personal Digital Assistant (PDA) Policy
  • Electronic Devices: Electronic Communications Policy
  • Electronic Devices: E-Mail Policy
  • E-Mail Policy
  • Internet Use
  • Personal Phone Calls
  • Recordkeeping Policy: Record Maintenance, Retention and Destruction · 
    Record-Keeping Policy: Safeguarding Social Security Numbers
  • Social Media Policy
  • Software Programs Policy
  • Workplace Monitoring Policy: Telephone Monitoring
  • Workplace Monitoring Policy: Use of Company Property

How can I search the AM data leak?

One executive I spoke with told me he was having his IT team download the entire database to check it against their employee files. There are several reasons not to do that and USA today said it best in their Aug 21st story “No matter how curious you are, there are two reasons not to download the Ashley Madison database of would-be cheaters: It's potentially dangerous and it's stolen property. Downloading it is legally the same as downloading a pirated movie. It's stolen property, said Scott Vernick, partner and head of the data security and privacy practice at the law firm of Fox Rothschild in Philadelphia.

"Just because this information is available on the Internet doesn't mean it's open season and you can just go and get it without impunity," Vernick said.

 Yahoo Tech wrote a story August 20th pointing out that AM  appears to be doing its best to shut these sites down. The site Ashley Madison Data Leak, for example, had already received a take down notice a few hours after it appeared.

If you feel you must search the data. and I tell all of my clients to "make sure you want to know" here is how.  At the time of this writing, three sites were still operating: They include TrustifyCynic.al, and Have I been pwned?. Each has their own issues and is trying to sell directly or through advertisements.

Trustify will tell you if your email is in the Ashley Madison data dump — and then try to sell you services to protect yourself. (Too late.)

The site Ashley.cynic.al was still able to give you the thumbs-up or thumbs-down on any email address you enter, as will Trustify (though the latter will then try to get you to sign up for its data protection services). The site Have I Been Pwnedalso lets you check on an address but several sources are questioning their authenticity. 

So in closing, Search if you must. Be cautious if you find information. And most importantly, make sure you want to know the answers before you ask the question

Bob Mather is a Licensed Private Investigator and the Founder of www.pre-employ.com  one of the nations largest and oldest pre-employment screening services for employers.

You can follow him on Twitter Linkedin email: mather@pre-employ.com or at 1-800-300-1821 ext 124

Subscribe to this blog for interesting, informative and breaking information surround HR business decisions here:Subscribe to our Blog HERE!

If you found this informational, check out these other posts:

"I Hate My Background Check Company, Yep I said it"

Shred, Burn,Pulverize? Are You Disposing of Background Check Reports?

 

 

 

 

 

Topics: Ashley Madison

Keep up to date!

Get the latest information for employers and candidates alike by subscribing to the Pre-employ blog!

Subscribe Here!

Recent Post

Topics

See all