Just days after cybersecurity reporter Brian Krebs broke the story that hackers had gained access to AshleyMadison user information, his inbox became a very emotional place.

Paranoid about a possible outing, AshleyMadison users were reaching out to Krebs. One was a man who had cheated on his wife during a rough patch but swore that he had seen the error of his ways. His relationship was stronger now, but he was worried that this leak would expose his secret and ruin his life. He, along with many others, turned to Krebs for any scrap of information.

"It's one of those things where I have been getting emails almost every day, sometimes several a day from people who really sound desperate and are asking for any information about this," Krebs told Mashable.

Krebs found himself in a similar spot as many media organizations covering the AshleyMadison hack. He provides important information to people who are stonewalled by the companies responsible, but he's also aware that the increased attention and availability of data can do more harm than good as it sends more information swirling.

Data breaches — credit cards, emails, personal information — have gone from terrifying aberration to an accepted inconvenience of modern life, which makes the media's role in these scandals is as important as it is controversial.

But not all leaks are created equal. Reporters are now tasked with striking the right balance between holding companies accountable for leaks and ensuring that they are not part of the problem of further compromising personal information — all in an increasingly fast, competitive media environment that usually rewards a "publish first and apologize later" approach.

Hacks and consequences

In mid-July, Krebs broke the news that AshleyMadison had been hacked after receiving a tip and confirming the breach with Noel Biderman, CEO of the company. Krebs is generally regarded as one of the most well-connected cybersecurity reporters around, having been first to report on a variety of major breaches including the massive data leaks at Target and Home Depot.

Krebs's reporting sent AshleyMadison into damage control, with little information coming to the company's customers. Since the hack, the company has done no interviews, sent takedown notices to Twitter over tweets that included some details about the hack, and seems to have provided scant information to its users.

Meanwhile, various media outlets pounced, providing some important information on the situation, including veracity of the data's origins as being from AshleyMadison. Others have catered to baser desires, such as Wired, which linked to a website that provided a search function for the data despite noting, at the same time, that "This is the quiet desperation of the masses. This is the pathetic morass of our culture."

That attention also meant an influx of people looking to capitalize on the situation. Krebs said that it wasn't long before he saw signs that things would be getting worse for people whose information had been leaked. Now, some websites have popped up that have made the data easily searchable.

"When I originally wrote that story, it took about a day for a domain to pop up that was like 'Is he on AshleyMadison dot com,'" he said.

Krebs said he routinely holds back certain pieces of information, most notably the leaked data. It would make his life easier to just publish it, but the potential harm holds him back.

"I'm not interested in making a bad situation worse, or in enabling people to extort others, which is what is already happening with this breach," he wrote in a follow-up email.

Ashley Madison CEO Noel Biderman and his wife Amanda Biderman. Image: Ashley Madison

The data dilemma

The AshleyMadison hack falls somewhere in the middle of examples like the celebrity nude hacks, which had little serious public benefit and sizable harm but generated no shortage of interest and media coverage, and the breaches at Home Depot and Target, in which reporting on such stories was of the utmost public benefit while offering relatively little risk.

In some sense the AshleyMadison data dump is similar to the Sony leak in that there is some clear information that is of public interest and other that is private and salacious. In both cases, noted Ryan Thomas, an assistant professor of journalism at the University of Missouri, various media outlets have displayed a variety of editorial standards in how they cover these stories. He noted that many digital media organizations including Gawker and BuzzFeed publish numerous stories based on the leaks while older outlets declined to do so. (Mashable published articles using information culled from leaked Sony documents and about the celebrity account hacks.)

Thomas said that the prospect for doing damage needed to become part of the way reporters and editors weigh covering and sourcing from leaked data and documents.

"The conversation ought not just be 'is this information in the public interest?'" Thomas said. "The goal should be to not only look at this information on its merits but also how to limit harm."

He noted, however, that with companies and governments having so much personal information, reporters play a major role in making sure mistakes are identified and corrected.

"Cheaters Prosper" is a book by Ashley Madison CEO Noel Biderman about marriage. Image: Ashley Madison

"Journalism can do an awful lot of good here in holding institutions to account," Thomas said.

There's also the legal risks that media organizations run in dealing with leaked or stolen data.

Craig Newman, a partner at Patterson Belknap Webb & Tyler who works on cybersecurity and data privacy, said that the variety of different nationalities in the AshleyMadison hack make for a particularly complex legal issue.

U.S. laws give the press a wide berth to report and even get things wrong. That's not necessarily true in other parts of the world.

"This hacking is like legal quicksand. You've got potentially the laws of many jurisdictions that will apply, some that value privacy a lot greater than others," Newman said.

Publish and/or perish

With such salacious info floating freely around the Internet, it can be easy for media organizations to feel as if ethics can be relaxed in the interest of getting a few extra visitors. After all, the information is already circulating on a variety of public forums like Reddit, 4chan, Twitter.

Not so, said Susan McGregor, the assistant director of the Tow Center for Digital Journalism at Columbia University.

She noted that the question of how to handle leaked information is not a new issue for reporters. What has changed, however, is that media organizations can now see the attention garnered by those that push the envelope of journalism ethics.

"Whether or not we were all competing previously, we can all see the competition now, so that does make it harder," she said.

Still, media organizations will need to resist the low-hanging fruit of data leaks.

"Public and public interest are not the same thing," she said. "Just because something's out there does not mean it's fair game."