Hackers behind the critical breach of the dating service for cheaters Ashley Madison, have leaked a second batch of data from the Ashley Madison database, this time including over 19GB of data and a trove of e-mails to and from the CEO, Noel Biderman.
Once again, hackers continued with their Ashley Madison saga leaking the data through a torrent, totaling 19GB with 13GB of the data being dedicated to a file titled noel.biderman.mail.7z, sparking speculation that the leak could contain 13GB of emails from the company’s CEO.
However, one downside is that the 13GB zipped file of what we presume to be Mr. Biderman’s email is corrupt and cannot be fully opened. Yet, according to researchers who were able to download the torrent have given a summary of what the second batch of Ashley Madison data contains:
- The leak contains lots of source code (nearly 3M lines of code according to sloccount)
- 73 different git repositories are present
- Ashley Madison used gitlab internally
- The 13GB compressed file which could contain AM CEO’s emails seems corrupted. Is it a fake one?
- The leak contains plain text or poorly hashed (md5) db credentials
The latest leak comes just one day after Avid Life Media (the company behind Ashley Madison and other affair-style sites) officials said a 10GB file making its way around the Internet may be fake. Of course, indirectly referring to the massive 10GB trove of data hackers leaked on some 33 million users. Since then, researchers have combed through the leaked material and have found it genuine, with hackers gaining deeper access than we presumed.
“Hey Noel, you can admit it’s real now,” hackers wrote in a message included in the download. Hackers are taunting the Ashley Madison CEO as he initially tried denying the leak saying it was fake.
“The dump appears to contain all of the CEO – Noel’s business/corporate emails, source code for all of their websites, mobile applications, and more,” researchers from security firm TrustedSec wrote in a blog post published Thursday. “Note that we do not plan on performing analysis on the actual files due to the sensitivity of the dump however, it does appear to be legitimate like the other dump.”
Researchers continued, analyzing the second leak of Ashley Madison data:
“Interesting enough—if this turns out to be legitimate which it in all aspects appears to be—having full source code to these websites means that other hacker groups now have the ability to find new flaws in Avid Life’s websites, and further compromise them more.
“If there was any question to the validity of the data before – those should be removed now.”
No one has yet to find our why the archive file is corrupted or whats contained within. Possibilities are endless, including that face that the data could be fake, or it could have just been a computer error. However, Avid Life Media officials have yet to comment on the latest leak of their company data.
As more information on the Ashley Madison hack surfaces, we will keep you updated!
[Photo via TrustedSec]