Last November, the North Korean government stole and published gigabytes of corporate email from Sony Pictures. This was part of a much larger doxing— a hack aimed at punishing the company for making a movie parodying the North Korean leader Kim Jong-un. The press focused on Sony’s corporate executives, who had sniped at celebrities and made racist jokes about President Obama. But also buried in those emails were loves, losses, confidences, and private conversations of thousands of innocent employees. The press didn't bother with those emails—and we know nothing of any personal tragedies that resulted from their friends' searches. They, too, were caught in the blast radius of the larger attack.
The Internet is more than a way for us to get information or connect with our friends. It has become a place for us to store our personal information. Our email is in the cloud. So are our address books and calendars, whether we use Google, Apple, Microsoft, or someone else. We store to-do lists on Remember the Milk and keep our jottings on Evernote. Fitbit and Jawbone store our fitness data. Flickr, Facebook, and iCloud are the repositories for our personal photos. Facebook and Twitter store many of our intimate conversations.
It often feels like everyone is collecting our personal information. Smartphone apps collect our location data. Google can draw a surprisingly intimate portrait of what we're thinking about from our Internet searches. Dating sites (even those less titillating than Ashley Madison), medical-information sites, and travel sites all have detailed portraits of who we are and where we go. Retailers save records of our purchases, and those databases are stored on the Internet. Data brokers have detailed dossiers that can include all of this and more.
Many people don't think about the security implications of this information existing in the first place. They might be aware that it's mined for advertising and other marketing purposes. They might even know that the government can get its hands on such data, with different levels of ease depending on the country. But it doesn't generally occur to people that their personal information might be available to anyone who wants to look.
In reality, all these networks are vulnerable to organizational doxing. Most aren't any more secure than Ashley Madison or Sony were. We could wake up one morning and find detailed information about our Uber rides, our Amazon purchases, our subscriptions to pornographic websites—anything we do on the Internet—published and available. It's not likely, but it's certainly possible.
Right now, you can search the Ashley Madison database for any email address, and read that person's details. You can search the Sony data dump and read the personal chatter of people who work for the company.Tempting though it may be, there are many reasons not to search for people you know on Ashley Madison. The one I most want to focus on is context. An email address might be in that database for many reasons, not all of them lascivious. But if you find your spouse or your friend in there, you don't necessarily know the context. It's the same with the Sony employee emails, and the data from whatever company is doxed next. You'll be able to read the data, but without the full story, it can be hard to judge the meaning of what you're reading.