Ashley Madison Hackers Leak 300GB Leaving Footprints for Investigators

Hackers behind the leak of more than 200,000 emails from Ashley Madison, the dating site for cheaters, have leaked yet another massive set of data but may have left behind footprints which could investigators trying nab the hackers behind the massive company breach.

Initially, a bittorent file containing the personal emails of Noel Biderman, the CEO of Ashley Madison and parent company Avid Life Media, were uploaded by someone using a server operated by Ecatel LTD. an ISP located in the Netherlands whose many of their customers claim the hosting is anonymous and “bulletproof,” or not easily taken down. However, the person who uploaded the torrent left the web interface for the bittorrent server exposed without password, allowing just about anybody to access it. Just a few hours after the torrent went live the server went dark after someone accessed the interface and began making changes to the server configuration. A user named Mr. Green on Twitter posted a photo of his access into the server:

Ashley Madison Hackers Expose Torrent Server

The box seeding the Ashley Madison torrent was located at 94.102.63.121. Authorities and company officials working to identify the the individuals behind the Ashley Madison hack who leaked user profiles, credit card transaction data, emails among swaths of other sensitive data will almost certainly perform a forensic investigation on the physical server. If the hackers didn’t use Tor or similar high-anonymity services, investigators may begin to collect clues on IP address which accessed the box.

Thus far, nearly everyone downloading the torrent has reached 93% completion, as the server went dark mid-download. The lone downloader left the torrent pool, leaving everyone sharing their 93% with other downloaders throughout the swarm. Despite problems, researchers have been able to unpack a file titled, noe.birdman.mail.7z. According to security firm TrustedSec, the zip file contains a 30GB file titled noel.biderman@avidlifemedia.com_[Gmail]_All Mail.mbox that contains some 200,000 emails from the CEO’s Gmail account. The total contents of the email include around 6,800 unique senders and 3,600 recipients, however the security firm chose not to dive into the personal emails further.

The torrent containing the CEO’s email was originally leaked late Thursday in a 19GB release, but due to unpacking errors, the initial torrent was unable to be read. However, hackers most recent re-release made the torrent available late Friday night, early Saturday.

In the brief statements Avid Life Media has made public since the breach, company officials have vowed to track down and prosecute the people behind the Ashley Madison breach. On the other hand Ectal, the server seeding the Ashley Madison torrent, promises to guard customers privacy under any circumstance and takes anonymous BitCoin payments, making it unclear how much success investigators will run into during their time. But hackers did leave the web interface open, meaning anything is possible thus far.

As company officials are working to get a handle on the breach, individuals online have already begun to blackmail Ashley Madison customers. One victim on Twitter posted a screenshot of an email he received from scammers, demanding he pay the total of 1.05 bitcoin to the specified address or his information will be shared with friends and family.

Hackers Blackmail Ashley Madison Victims

The Impact Team, the hacker crew behind the attack told Motherboard Vice they have over 300GB of Ashley Madison data including:

300GB of employee email and documents from internal network
Tens and thousands of personal photos of Ashley Madison users (includes 1/3 of dick pictures hackers won’t dump)
A number of Ashley Madison chat messages

The full impact of the Ashley Madison attack is still unraveling and we may have yet to see the devastating effects this could cause.