The hacked infidelity site Ashley Madison apparently retained enough personal data about users to identify them to spouses – as the site’s hackers have claimed – despite offering a paid-for “full delete” service, which charged users £15 or $20 to remove all their information.
On the database of Ashley Madison accounts, which was posted online by the hackers on Wednesday, accounts that had been wiped by the dating service had their real name, username, email and profile information removed as promised. But the company seems to have retained the date of birth, city, state, post- or zip code, country, gender, ethnicity, weight, height, body type and whether the user smokes or drinks – providing enough information to reveal a user’s identity.
It also retained what kind of relationship a user was seeking, their current relationship status, what they were open to sexually, what turned them on, and what they were looking for in a partner. For instance, one user marked as having paid for their account to be deleted can be tracked to a specific tower block in London, where knowledge of their date of birth and appearance would easily identify them to friends or spouses.