The hackers who infiltrated AshleyMadison.com, a dating website geared toward people seeking extramarital relationships, have sacrificed their first hostage.
The attack, reported Monday, collected personal information on 37 million members. The perpetrators demanded that the whole website be taken down or they would release all the names and private data they have.
"I think the motivation for the hackers is to embarrass the company," CBS News business analyst Jill Schlesinger said in an appearance on "CBS This Morning."
For a website like Ashley Madison that prides itself on secrecy and anonymity, a breach like this can be catastrophic. The site's subscribers presumably felt that their private information was safe -- and many even paid extra to have their information scrubbed.
"The quick answer is: not that safe," Dr. Michael Sulmeyer, the director of the Cyber Security Initiative at Harvard's John F. Kennedy School of Government's Belfer Center, told CBS Boston.
He said Ashley Madison's clients know now the truth of the web: Everything is hackable.
"Largely, you should not have an expectation of ultimate security and privacy," Sulmeyer explained, "And operate with the understanding that things can go wrong despite all promises to the contrary."
The group believed to be responsible for the hack claims to have stolen private information from all 37 million Ashley Madison users. On Tuesday the personal details of two subscribers leaked. One man is from Canada, the other from Brockton, Massachusetts.
What was revealed is intensely personal. Among the data released about the Brockton client of Ashley Madison: His user ID is "Heavy73;″ he listed himself as "married/attached;" he joined the site the day after Valentine's Day, 2014; he likes "cuddling & hugging" and is into "discretion & secrecy."
Sulmeyer said highly motivated hackers can be determined to get into sites like this, looking for intimate or embarrassing details.
On any such site, he said, users can and should change their passwords often.
"Even with that you should not believe that you have total privacy. And if you are really one who wants total privacy then you should not probably be getting on websites like this," Sulmeyer said.