This came up in a Facebook comment thread, and it'd be helpful to get wider input:
Malicious hackers have released data from around 32 million users of the Ashley Madison site (a dating site for married people). This includes names, addresses, profile information, and purchase from Ashley Madison. Getting reliable info on adultery is notoriously difficult, so researchers may want to analyze the data and publish findings on causes/correlates of adultery. But would using the data for research without consent be (A) Legal, (B) institutionally permissible (i.e., would IRB/RECs approve), and/or (C) morally permissible?
The big wrinkle for A and B (which may vary by country/ institution) is that the data is publicly available, thereby appearing to be exempt from many research regulations, including consent. But the law and morality often come apart. FWIW, journalists seem to have no qualms in publishing quick-and-dirty analyses of the data - but journalists are hardly the arbiters of morality.
If there's an existing lit on this (use of stolen publicly available data in research) links would be useful. If not, we research ethicists should get cracking!
http://www.wired.com/2015/07/hack-brief-attackers-spill-user-data-cheating-site-ashley-madison/
http://www.theverge.com/2015/8/19/9178855/ashley-madison-data-breach-implications