The Ashley Madison Affair Shows There Was More to the Hack Than Unfaithful Celebrities

When the adultery website Ashley Madison was hacked in 2015, Josh Duggar was one of the most high-profile people to be revealed using the site. At the time, the reality TV star and aspiring politician was best known for being a beacon for good Christian family values. The leak of thousands of profiles revealed that he and other conservative politicians who hung their hats on having a strong marriage were cheating on their wives. In the case of Duggar, the allegation that he had an affair with a pornstar caused his other, more serious past crimes of sexually assaulting minors between 2002 and 2003 to resurface (Shiny Happy People covered those details earlier this summer).

But what The Ashley Madison Affair reveals is that there was much more to the hack and the company’s momentary fall beyond just the exposure of celebrity users. The three-part ABC News docuseries on Hulu examines the morality of the founder of the site and the questionable practices that may have caused the anonymous Impact Team to hack the site in the first place.

Ashley Madison was founded in 2001 to facilitate discreet affairs for married people. Here’s how it worked: Men would have to pay for credits that they could then cash in to view women’s profiles and send messages. Women could join the site and send messages for free. Men would pay for allotted amounts of time to chat with women in real time, and any user could pay $19 for “full delete,” supposedly erasing their information from the site. Though the financial model seems simple, it wasn’t as easy to grow revenue as it seemed.

The docuseries features real people who used the site as well as actors reading and performing statements from subscribers who preferred to remain anonymous, detailing the actual user experience of the site. It provides a necessary if clunky view into why people chose to create a profile to begin with. But the real revelations come in the exploration of how Ashley Madison managed to stay in business, and the details of the hack that were drowned out by the celebrity coverage. Here are six of the biggest takeaways from the Hulu docuseries:

Ashley Madison CEO Noel Biderman turned out to be the biggest hypocrite of all

Biderman was shameless in how he promoted the site, constantly making media appearances on everything from The Today Show to The Tyra Banks Show, defending his site even when faced with spouses whose marriages were ruined because of it. In the years leading up to the hack, he even got his wife, Amanda Biderman, involved, using her to show that he himself was in a successful, monogamous relationship. It’s because he put the time into working on his marriage, he said, that he knew how hard it was, and that having a discreet affair could be what saves a marriage. Through it all, however, he claimed he never had an affair.

Biderman also very publicly insisted that if people were going to cheat anyway, it’s better that they use his site to do so instead of seeking out sex workers or people who may not know they’re entering into an extramarital affair. His way was the best way, he said, because it was also (mostly) legal (the exceptions to that being when the site launched in countries where adultery is illegal, and for certain government employees who were users).

When the site was hacked, not only were select user profiles made available to the public, but all of Biderman’s private correspondence as well. Those emails showed Biderman having what appeared to be an ongoing affair with another woman, as well as regularly sending out requests for sex workers to join him in his hotel, often more than one at a time, and in a few instances, he requested that the sex workers be teenage girls (it wasn’t revealed whether or not those girls were in fact minors). His many public claims that he was faithful to his wife were disputed, and he didn’t even use his own website to do the cheating.

15,000 of the breached emails were traced to U.S. government accounts

The 2015 data breach included thousands of users who used their government emails to set up their profiles, and those who were smart enough to not use their work emails were still discovered because of GPS coordinates tied to the accounts. Those subscribers included members of the State Department, Justice Department, top secret defense contractors, and the United States military. According to the Uniform Code of Military Justice, service members caught cheating could face a court-martial.

Before the hack, Ashley Madison faced a $20 million lawsuit for creating fake profiles

In 2013, former Ashley Madison employee Doriana Silva sued the company for $20 million in damages she incurred while creating 1,000 fake female profiles for the site. Silva claimed that the speed at which she was asked to type and come up with so many unique profiles with unique personalities caused a repetitive strain injury. Ashley Madison higher-ups looked to Silva’s social media profiles where she was regularly posting photos of herself on vacation and typing up captions, which the company argued proved she was not suffering from extreme physical damage.

Ultimately the case was dismissed and got little to no media coverage. But the details of the case resurfaced during the hack, causing journalists to dig deeper into the notion that the company was creating fake profiles to lure in more users.

Ashley Madison launched at least 22,000 “fembots” in 2013 to increase revenue

Private correspondence between Biderman and his staff revealed that in 2013, employees were coming up with systems to repurpose existing profiles to create new, fake profiles to give the appearance of more female users on the site. The first implementation of a cyber script created 10,000 fake profiles, which soon came to be called “fembots,” in two weeks. By 2015 the company’s revenue more than doubled, and while it can’t be directly traced to these fembots, the correlation seems clear. More women appearing on the site led to more men paying more money to get a chance to send all of them messages. By 2015, those profiles also had chatbot capabilities enabled.

While it isn’t unusual for bots to take over certain sites, what is unusual and ultimately led to an FTC investigation was that the company was creating these bots itself. That FTC investigation led to a class action lawsuit that would pay out any users tricked by the bots, but after some negotiation, Ashley Madison introduced the stipulation that only people who agreed to be named would get the payout. Ultimately only 18 users agreed to be named, and split $11.2 million among them (and their lawyers). At the time, Biderman claimed the company was worth $1 billion. If those claims were true, that payout wouldn’t have affected Ashley Madison’s bottom line much at all.

The Impact Team is still at large

To this day, no one knows who was behind the hack. There was speculation at the time that the Impact Team had some connection to a former employee who left the company in 2012 and first started threatening Biderman then. He had top security clearance even after he left, and appeared to have enough technical savvy to keep any of the company’s active employees from disabling his access. That employee, however, died by suicide in 2014, one year before the hack. Even though he couldn’t have been directly involved, cybersecurity experts still speculate that people he was working with could have shared access and kept his mission of bringing the company down going.

The Impact Team in particular never asked for money — the people behind it seemingly only wanted Ashley Madison to admit to wrongdoing in creating fake profiles and aiding in infidelity. The initial threat read, “The ALM (Avid Life Media) management is bullsh*t and has made millions of dollars from complete 100% fraud.” In 2015, Ashley Madison offered a $75,000 bounty to discover who was behind the hack. The Impact Team was never found out.

Ashley Madison is still doing really well today

In 2017, they commissioned a report from Ernst and Young to make sure there were no bots on the site and to validate the value of the membership, making sure the ratio of straight men to straight women was desirable. It cleared the company’s name enough to encourage more users to join the site, many of whom heard about it because of the media coverage of the data breach. And post-hack, users interviewed say (via reenactments) they assumed security would be tighter than ever, keeping their information safe. Plus, in this day and age, users of any sites and apps in general are more aware of the security risks that come from entering personal information — it just seems to be a risk that more people are willing to take.

In more recent years, Ashley Madison has changed its advertising strategy to fit in among the many dating apps that are now commonly used. Instead of focusing strictly on being a place to cheat, which people can now just as easily do on apps like Tinder, the company instead is banking on society’s changing views around monogamy, positioning itself as a site for polyamorous people and couples in open relationships. In 2021, 4.7 million new members joined Ashley Madison, which now has a global total of 75 million members. Ashley Madison isn’t going anywhere anytime soon.

The Ashley Madison Affair is streaming on Hulu. Join the discussion about the show in our forums.

Brianna Wellen is a TV Reporter at Primetimer who became obsessed with television when her parents let her stay up late to watch E.R.