The $11.2M civil settlement between the FTC, thirteen state AGs, and ALM/Ruby Corp. constitutes a government finding that the company engaged in deceptive practices including operating fake female engager profiles. The settlement is a matter of public record.

Security researcher Annalee Newitz's analysis of the leaked dataset found approximately 70,000 female bot accounts created by ALM itself, estimating that around 95% of female profiles had no genuine human activity. The FTC investigation subsequently confirmed the fake-profile practice.

A New Orleans-area pastor and a San Antonio Police Department captain both died by suicide in the weeks after the August 2015 data release, with their deaths publicly connected to exposure in the Ashley Madison dataset. These are the most documented human casualties of the breach.

Ashley Madison charged users for a 'full delete' service promising complete removal of account data. The leaked dataset included accounts from users who had paid for this service, demonstrating that the deletion did not occur as advertised. The FTC investigation confirmed this as a deceptive practice.

Avid Life Media CEO Noel Biderman resigned on 28 August 2015, ten days after the full data dump. ALM stated his departure was by 'mutual agreement.' The timing is consistent with the immediate consequences of the breach and the incoming FTC investigation.

Post-breach security analysis found that legacy user account passwords were stored using MD5 hashing, a cryptographically weak algorithm enabling rapid cracking. More recent accounts used bcrypt. The mixed implementation meant that a significant subset of passwords was recoverable from the leaked data.

No individual has been charged in connection with the breach. The Impact Team's members remain unidentified. This is a significant limitation in the investigative record — the perpetrators are confirmed to exist by the breach itself but have not been publicly named or prosecuted.

Multiple politicians and public officials were identified in the leaked data, leading to calls for transparency and some public disclosures. The identification of public figures added to the political and legal pressure that produced the FTC investigation.

The Impact Team hackers framed their action as moral punishment of Avid Life Media for operating a fraud-facilitating platform and for false 'full delete' claims. There is no credible evidence linking Impact Team to state actors, competing commercial interests, or organized crime seeking extortion leverage. The breach appears to be vigilante hacktivism — harmful and illegal, but straightforwardly motivated by the stated ideological grievance rather than a coordinated institutional conspiracy.

The FTC reached a settlement with ALM (rebranded as ruby Corp.) in 2016 requiring substantive security improvements, prohibition on fake profiles, and $1.66 million in redress. The settlement terms were publicly disclosed and subject to ongoing FTC monitoring. The company eliminated fake female 'engager' bots and implemented genuine security measures. These accountability steps — while inadequate for victims who suffered real harm — demonstrate the regulatory system responding to the breach rather than a conspiracy to suppress accountability.

The $11.2M civil settlement between the FTC, thirteen state AGs, and ALM/Ruby Corp. constitutes a government finding that the company engaged in deceptive practices including operating fake female engager profiles. The settlement is a matter of public record.

Security researcher Annalee Newitz's analysis of the leaked dataset found approximately 70,000 female bot accounts created by ALM itself, estimating that around 95% of female profiles had no genuine human activity. The FTC investigation subsequently confirmed the fake-profile practice.

A New Orleans-area pastor and a San Antonio Police Department captain both died by suicide in the weeks after the August 2015 data release, with their deaths publicly connected to exposure in the Ashley Madison dataset. These are the most documented human casualties of the breach.

Ashley Madison charged users for a 'full delete' service promising complete removal of account data. The leaked dataset included accounts from users who had paid for this service, demonstrating that the deletion did not occur as advertised. The FTC investigation confirmed this as a deceptive practice.

Avid Life Media CEO Noel Biderman resigned on 28 August 2015, ten days after the full data dump. ALM stated his departure was by 'mutual agreement.' The timing is consistent with the immediate consequences of the breach and the incoming FTC investigation.

Post-breach security analysis found that legacy user account passwords were stored using MD5 hashing, a cryptographically weak algorithm enabling rapid cracking. More recent accounts used bcrypt. The mixed implementation meant that a significant subset of passwords was recoverable from the leaked data.

Multiple politicians and public officials were identified in the leaked data, leading to calls for transparency and some public disclosures. The identification of public figures added to the political and legal pressure that produced the FTC investigation.

No individual has been charged in connection with the breach. The Impact Team's members remain unidentified. This is a significant limitation in the investigative record — the perpetrators are confirmed to exist by the breach itself but have not been publicly named or prosecuted.

The Impact Team hackers framed their action as moral punishment of Avid Life Media for operating a fraud-facilitating platform and for false 'full delete' claims. There is no credible evidence linking Impact Team to state actors, competing commercial interests, or organized crime seeking extortion leverage. The breach appears to be vigilante hacktivism — harmful and illegal, but straightforwardly motivated by the stated ideological grievance rather than a coordinated institutional conspiracy.

The FTC reached a settlement with ALM (rebranded as ruby Corp.) in 2016 requiring substantive security improvements, prohibition on fake profiles, and $1.66 million in redress. The settlement terms were publicly disclosed and subject to ongoing FTC monitoring. The company eliminated fake female 'engager' bots and implemented genuine security measures. These accountability steps — while inadequate for victims who suffered real harm — demonstrate the regulatory system responding to the breach rather than a conspiracy to suppress accountability.