How to operate in a world without any secrets

Ashley Madison drama teaches a bigger lesson about navigating Web without being exposed

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

The oth­er cuf­flink fell on the Ash­ley Madi­son hack Tuesday.

Accord­ing to Wired, 9.7 giga­bytes of Ash­ley Madi­son data were dumped on the Dark Web, and the col­lec­tion appears to “include account details and log-ins for some 32 mil­lion users.” Where we go from here is anyone’s guess.

Adam Levin, chairman and co-founder of Credit.com and IDT911
Adam Levin, chair­man and co-founder of Credit.com and IDT911

Accord­ing to the Wired arti­cle, the hack­ers left a note with the quar­ry of ill-got­ten files of mar­i­tal list­less­ness: “Avid Life Media has failed to take down Ash­ley Madi­son and Estab­lished Men. We have explained the fraud, deceit, and stu­pid­i­ty of ALM and their mem­bers. Now every­one gets to see their data.” The data includes names (many pre­sum­ably alias­es), email address­es, street address­es (hard­er to fake because these are tied to billing), amounts charged on cred­it cards and poten­tial­ly enough cred­it card infor­ma­tion to re-iden­ti­fy an account with a par­tic­u­lar user (the last four dig­its of an account num­ber or a trans­ac­tion ID).

There is a mad dash now to rum­mage through that Dump­ster-full of names on the Dark Web, with the first tack a search for email address­es tied to gov­ern­ment accounts. Accord­ing to U.K.’s Sky News, “15,000 US mil­i­tary and gov­ern­ment email address­es are reg­is­tered on the data­base, includ­ing exec­u­tives in high-lev­el posi­tions.” It also report­ed “email address­es linked to the White House and NASA, as well as the Vat­i­can and the Unit­ed Nations.”

Among the horde in the col­i­se­um of moral schaden­freude and the media com­pa­nies that feed the public’s insa­tiable appetite for tales of oth­er people’s woe, news of this or that now-pub­lic indis­cre­tion will be greet­ed with glee. For those exposed by the hack, the news will cre­ate a spon­ta­neous bou­quet of shrugs, denials, tor­tured apolo­gies and long expla­na­tions that no one real­ly wants to wade through, but most will read with rapt attention.

The hack of Ash­ley Madi­son and Estab­lished Gen­tle­man is, of course, part of a big­ger sto­ry. There are more than a bil­lion records with sig­nif­i­cant­ly more per­son­al­ly iden­ti­fy­ing infor­ma­tion out there. Data breach­es have become the third cer­tain­ty in life, right behind death and tax­es. Up to now, the kind of infor­ma­tion most often exposed in a breach was of con­cern because it could be used to harm our finan­cial lives and even our well-being (like med­ical iden­ti­ty theft). What dif­fer­en­ti­ates the ALM hack is that it has moral ram­i­fi­ca­tions. Of course, the dam­age also is of a mate­r­i­al stripe, since it could spur cost­ly life changes due to extinct rela­tion­ships that might oth­er­wise have sur­vived a rough patch, and even a stray act of cyber wandering.

The real dam­age is emotional

Impact Team, the hack­ers behind the Ash­ley Madi­son hack, pro­vid­ed some advice when they dumped the files on the Dark Web: “Find some­one you know in here? Keep in mind the site is a scam with thou­sands of fake female pro­files. See ash­ley madi­son [sic] fake pro­file law­suit; 90–95% of actu­al users are male. Chances are your man signed up on the world’s biggest affair site, but nev­er had one. He just tried to. If that dis­tinc­tion matters.”

The tone of the Impact Team is decid­ed­ly of the Some­body Done Some­body Wrong vari­ety. But while that makes for a good song, it’s not how the world works. No one can argue that the Impact Team hasn’t lived up to its name. But with the extinc­tion of pri­va­cy upon us, what did it actu­al­ly accom­plish beyond cre­at­ing a very good exam­ple for those who make it their busi­ness to help oth­ers nav­i­gate the post-pri­va­cy world—both on- and offline? One could argue not much. Their goal was to make a moral point, but the result may well be a de-sen­si­ti­za­tion to moral­ly flu­id behav­ior. In a world where no one’s per­fect and there is no mean­ing­ful pri­va­cy, who real­ly cares who knows what?

What do you do in a world with­out secrets?

The same rules apply whether you are using social media of the more social­ly accept­able vari­ety or the ver­boten kind: Lie. Pre­var­i­cate. Dissemble.

You have to tell a bank, and, of course, your employ­er, the par­tic­u­lars of who you are. They need your real name, your Social Secu­ri­ty num­ber and your date of birth. (After all, pro­vid­ing them with fake infor­ma­tion can con­sti­tute fraud.) You have to tell oth­er orga­ni­za­tions, like doc­tors and the IRS, cer­tain facts about your life, and, of course, the act of doing busi­ness with a retail­er is syn­ony­mous with telling the world about it, since breach­es are so preva­lent. But cre­at­ing an online alias and pro­tect­ing some of your most valu­able pieces of per­son­al­ly iden­ti­fy­ing infor­ma­tion on social media and oth­er sites can go a long way in help­ing you oper­ate on the Web with­out becom­ing exposed.

Tips to keep your data under wraps:

  1. Nev­er use your real name. Use a nick­name that your acquain­tances know or cre­ate an alter-ego.
  2. Nev­er share your date of birth.
  3. Cre­ate a unique email account—or what’s com­mon­ly referred to as a burn­er account—not the one you use for per­son­al cor­re­spon­dence and man­ag­ing your finances.
  4. If you pay by cred­it card, bear in mind you poten­tial­ly just blew your alias in the event of a hack.

If your finan­cial details or SSN get exposed in a hack, you don’t want it to destroy your cred­it (on top of every­thing else). Keep an eye on your finan­cial accounts—look at your state­ments online every day—and check your cred­it reports and scores reg­u­lar­ly. You can get your free annu­al cred­it reports on AnnualCreditReport.com, and you can get your cred­it scores every month on Credit.com to mon­i­tor for signs of fraud like new­ly opened accounts you don’t recognize.

In a world where there are no secrets, you either have to be a saint, be very care­ful … or have no shame.

Full dis­clo­sure: IDT911 spon­sors Third­Cer­tain­ty. This sto­ry orig­i­nat­ed as an Op/Ed con­tri­bu­tion to Credit.com and does not nec­es­sar­i­ly rep­re­sent the views of the com­pa­ny or its partners.

Adam Levin is chair­man and co-founder of Credit.com and IDT911.com. His expe­ri­ence as for­mer direc­tor of the New Jer­sey Divi­sion of Con­sumer Affairs gives him unique insight into con­sumer pri­va­cy, leg­is­la­tion and finan­cial advo­ca­cy. He is a nation­al­ly rec­og­nized expert on iden­ti­ty theft and credit.

More on iden­ti­ty theft:
Iden­ti­ty Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Iden­ti­ty Has Been Stolen?