In the week since the data was released, which includes financial information, email addresses, physical descriptions, and detailed sexual preferences, Hunt has been inundated with requests for information and help from Ashley Madison users. This is because he operates HaveIBeenPwned.com, a website that allows someone to see if their account was compromised in the Ashley Madison hack (as well as cross-referencing with more than 50 other previous major hacks).
In a blog post detailing the sorts of emails he has been receiving from users, he says that "there has been almost no direct communication with members that I'm aware of." According to one anonymous customer he quotes, the company isn't "answering phones or responding to emails."
Business Insider has reached out to Ashley Madison for comment and will update this report when it responds.
Right now, it's questionable how much Ashley Madison's parent company Avid Life Media (ALM) could actually do for its customers. Their data is widely available online, and it would be all but impossible to scrub it from the internet entirely. (ALM is sending out DMCA copyright takedown notices in an attempt to have it removed, but these have been largely ineffectual, and criticised as a potential abuse of copyright law.) Meanwhile, the company is fighting for its life: If the reputational damage of the hack doesn't kill it, a class action lawsuit filed in Canada demanding hundreds of millions of dollars might.
Nonetheless - Ashley Madison customers will be terrified right now. Dozens of websites are springing up promising to help users (Hunt's HaveIBeenPwned.com is relatively unique in that it only confirms if a user is affected by email, preventing people from checking the email addresses of other people they know), risking jobs, marriages, and reputations. As such, a lack of communication is only going to make things worse. "This is one of the things that struck me most about the entire incident," Hunt writes - "the very poor communication from Avid Life."
If it's hard to feel sorry for members of a site that advertises itself as explicitly for cheating, then bear in mind that they might have signed up when they were single, or were curious and had no intention with following through, or have an "unconventional" relationship and signed up with their partners' blessing. When you add to that the fact that Ashley Madison does not verify email addresses, meaning anyone can sign up with a fake email address (or someone else's), it means that the fact someone's details were in the dump doesn't necessarily guarantee they have actually had an affair.
The leak is also a goldmine for blackmailers and criminals. Ashley Madison members have already started receiving emails attempting to extort them for bitcoin, and given how relatively easy it is to find the data online, these attempts are likely to continue for years.
There are also 15,000 US military and governmental email addresses in the hack. Even assuming that a large proportion of these are fake, it still means that there are thousands of members with sensitive jobs who have been badly compromised by the leak. Foreign intelligence agencies are probably already "digging" through the data and considering how it can be used to leverage the people named within it, one cybersecurity executive told The Hill.
But despite all this, there is not a single mention of the devastating hack on Ashley Madison's homepage, and visitors are greeted with the promise of "100% discreet service."
Ashley Madison
In a statement released on August 18, ALM said that upon first learning of the hack last month, it "immediately launched a full investigation utilizing independent forensic experts and other security professionals to assist with determining the origin, nature, and scope of this attack. Our investigation is still ongoing and we are simultaneously cooperating fully with law enforcement investigations, including by the Royal Canadian Mounted Police, the Ontario Provincial Police, the Toronto Police Services and the U.S. Federal Bureau of Investigation."
It adds: "We will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business."