You can’t insure your relationships
The Ashley Madison breach is terrifying (and different) because it affects something that’s uninsurable: your relationships.
Let me explain.
Breaches have started to feel routine. Credit cards hacked, identities stolen, money lost, and everyone asking “when is everyone going to care enough about this stuff to change their habits?” Despite a ton of handwringing, pretty much nothing has changed. Consumers still use bad passwords and refuse to adopt two-factor authentication. Businesses still maintain horrible security practices.
Little has changed because the damages from pretty much every breach are insured away. Companies have big costs and lose some trust, but the systems we’ve built to insulate consumers from fraud and abuse are working — they protect individuals from risk even as we’re barreling head first into a privacy disaster.
With Ashley Madison, the dynamics are different.
For those who don’t know, Ashley Madison is a site that helps people in monogamous relationships find people to have an affair with. This week, hackers stole the names, emails, naked photos, chat logs, credit card details, and transaction histories of their 37 million customers and are threatening to release this data to the public unless the company shuts down.
Unlike pretty much every other breach that came before it, the Ashley Madison hack isn’t scary because people will have their identities stolen or credit cards abused (though that will happen too).
The Ashley Madison hack is scary because when the data on 37 million cheaters is released, the painful ripples will be emotional, not financial.
Let’s do some quick pack of the napkin math. With the majority of the 37 million accounts being from the US and Canada, I think we can conservatively assume that at least 10 million accounts are US based. Right now, about 57% of Americans are in relationships: around 180 million people or 90 million couples. With those assumptions, it’s likely that a full leak will affect (destroy?) more than 10% of all relationships in the US — if it’s not you, then it’s a couple in your circle of friends.
There’s no chargeback protection that can save individuals from the revelations that are about to occur. There’s no credit monitoring service that can help them recover.
As we put more and more of our lives online, the personal, non-financial breaches will be the most painful. Ashley Madison is the first wide-scale consumer example, but unless the way we change the way we manage our identities online, it almost certainly won’t be the last.
Things are about to get real.
If you liked this post and want to hear from me more: find me on Twitter, recommend this post, and follow me and Two-Factor Authenticity on Medium (↓).
