NEW YORK — If your information was part of the Ashley Madison hack, your problems are probably bigger than a compromised credit card number.
The site, which promotes itself as the go-to service for people looking to have an affair, knows your physical and sexual preferences, and stores your private messages and photos. All of that data is now public.
New websites that can easily search and retrieve this stolen information are popping up every day, according to security expert Troy Hunt.
Hunt runs Have I Been Pwned, which helps people see if their account was compromised in a data breach.
Since hackers published more than 10 gigabytes of Ashley Madison data last week, Hunt says he has received hundreds of emails asking what can be found, what can’t, and what people should do.
Here’s his advice.
Talk to your spouse and don’t lie
First things first. Tell your spouse why you were on the site. Was it a joke, or were you a member when you were single?
If you did join to have an affair, don’t hide it.
“I would not be trying to fabricate a web of lies at this point,” Hunt said. “[You’ll] dig yourself deeper because, unfortunately, evidence is out there.”
Think about your exposure
Next, think about who else might be looking for you and how you should handle the situation.
For example, does your job have a morality clause, which could lead to you being fired?
If you do community service work or volunteer with your church, would an association with Ashley Madison affect your membership?
Be prepared to explain your situation, and again, be upfront about everything.
Ignore blackmailers and check privacy settings
Blackmailers can match your email address to your Facebook or LinkedIn account. They can threaten to share your ties to Ashley Madison with people you know, but Hunt says these extortionists have “nothing of value that’s not already in the public domain.”
“You can safely ignore it,” he told CNNMoney.
While that’s true, Hunt said having your identity associated with Ashley Madison can be pretty damaging on its own.
Adjust your privacy settings on your social networks so that people can’t identify your friends and family or share any of your personal information with them.
Consider using a new email address
If you used your real email address on the site, you should consider getting a new one if you’re applying for a job — or going on dates.
Doing so may help you limit the risk of a background check that could dig up your Ashley Madison information.
Be wary of online scams
You might be lured by links to malware that advertises itself as the stolen database — so don’t click.
“We always see this pattern: a serious international event happens (i.e. the recent Malaysia Airlines crashes) and immediately after we see nefarious individuals attempting to monetize either the pain of victims or the curiosity of onlookers,” Hunt wrote on his blog Monday.
Understand what was compromised
On his site, Hunt includes a list of all the information that was potentially compromised: names and addresses; emails; birth date; gender; ethnicity; payment histories, including partial credit card information; phone numbers; security questions; sexual preferences; user names and passwords; and website activity, such as photos and messages.
Hunt’s analysis found data entries that go back as far as 2002.
Accept the fact that the data is out there
Focus on damage control now because there’s no way this data will ever be removed from the web.
“The exposure is irretrievable,” he says on his website.