August 11, 2015 — An in-depth analysis shows how the infidelity website Ashley Madison used misleading tactics to convince 38 million people to sign up.
Samuel Hulick of User Onboarding published the report “How Ashley Madison Onboards New Users” detailing the sign-up process.
He noted how the SSL “Secure Site” and “Trusted Security Award” logos emblazoned across the site were “empty statements” that likely misled users into trusting Ashley Madison into thinking their data was private and secure.
He said the site used icons of security locks to trick users into submitting information: “While pictures of locks do not make a site more secure on their own (clearly, in this case), they sure can lead to the perception of it!”
After receiving a “match” six minutes after signing up, he warned that Ashley Madison probably used fake profiles to entice him into providing credit card information and personal data so he could exchange messages.
The problem is that once a user signs up, it is hard to delete a profile. Ashley Madison directs users to pay $20 for the “Full Delete” to remove their profile, messages, pictures, and other information. Instead, personally-identifiably information was retained and left vulnerable to hackers.
Last month, a hacking group called “The Impact Team” compromised user databases and threatened to post personal information online unless Ashley Madison was taken down.