A new Netflix documentary covers the story of 2015’s Ashley Madison hack: the hackers were called the “Impact Team,” what do we know about them today?
Back in those days, it has been described as the biggest data breach of all time, at least in terms of public impact. Ashley Madison was a popular website with millions of customers from all over the world, and the service offered was pretty sensitive: the possibility to chat and meet with people interested in extramarital affairs. The central aspect of the whole service was about the secrecy and the discretion the website offered, so the scandal that came up when the hackers were able to publicly share the complete list of customers was massive.
The Netflix documentary about the Ashley Madison hack was released worldwide in May 2024, and many questions remain open after watching it. One above all: who is the “Impact Team,” the group of hackers who attacked the Ashley Madison website? What else did they do, and have they ever been caught? In this article, we will explore the truth, based on the updated information and how things happened in 2015.
The Ashley Madison hack
July 13, 2015. AshleyMadison.com is a popular dating service that keeps growing, expanding in many countries around the world. At that moment, it had over 37 million users worldwide and was planning to enter the stock markets (the IPO on the London Stock Exchange was supposed to happen soon). However, when the employees entered the office that morning, an unexpected message appeared on their screens. You can see it below, directly from the Internet archives of those days:
For a website founded on the concept of secrecy and discretion, it really was a nightmare. The users who subscribed to Ashley Madison had real names, photos, and credit card information stored on that website. There were also the messages exchanged with the other users, the sexual fantasies expressed, and all that was supposed to remain secret forever. After the hack, all that was compromised, and the private lives of millions of users were at risk of exposure.
Ashley Madison immediately involved a group of cybersecurity experts to investigate the matter. The main anomalies of the Ashley Madison hack emerged pretty soon:
- Nobody ever heard about the “Impact Team” before the Ashley Madison hack
- The hackers were not asking for money – they only wanted the business to shut down
The Impact Team set a deadline for the website: 30 days before all websites belonging to the organization had to shut down. During those 30 days, the investigation identified a series of suspects; the police and the FBI were involved, but the responsible were not found. Ashley Madison decided to keep the website online, and on August 18, the group of hackers released the full list of users on the dark web. Two days later, on August 20, they also released a dump of corporate emails exchanged by Ashley Madison board members, revealing some controversial practices the website was bringing on, which shed light on the possible motive of the hack.
Who is the Impact Team that hacked Ashley Madison in 2015? What did they want, and why did they do it?
The identity of the “Impact Team” that hacked Ashley Madison in 2015 was never discovered. Based on the hints that emerged during the investigation, it is believed it was a single hacker. He managed to log in to their system as an admin employee and proved to know names and facts that only someone internal to the organization could know. Therefore, the investigators believed it was someone who previously worked as Ashley Madison, an employee or external contractor.
The Impact Team made a bold statement with their first move, directly targeting Ashley Madison’s CTO. Prior to this, there had been no record of any hack attributed to the ‘Impact Team’, and their name has not resurfaced since. This sequence of events suggests that the Ashley Madison attack was the sole focus of these hackers, with their ultimate aim being to drive the company into financial ruin.
The motivation got clearer as the days went by: the Impact Team accused Ashley Madison of fraudulent activity. The controversial practices exposed after the corporate emails were leaked are:
- Full Delete service: Ashley Madison offered the possibility to permanently delete the data stored in its databases for a fee of $19. In reality, the data was not deleted, so the service was a scam.
- Female user base: The website proudly shared a female-male rate of 40-60 among the users subscribed to the website. In reality, there were only about 5% real female profiles. All others were fake profiles created by Ashley Madison’s employees or bots. The men were paying to exchange messages with women, but for the most part, there was no real woman interested in an affair behind that chat.
Today, we can assume that the Ashley Madison hack was perpetrated by a person or a group of people who only wanted the website to shut down and held a personal grudge against them. No money was ever requested by the hackers, and no other attacks by “The Impact Team” have been recorded since then. On the Internet, you can still read the articles published in 2015 about the Ashley Madison hack, revealing the unknown identity of the Impact Team: the most interesting pieces were published by International Business Times UK and BBC.
Ashley Madison never shut down: the website is still online, with the same design as the year of the breach. It’s probably available in your country: you can find it at ashleymadison.com.
