Gigabytes' worth of data stolen in last month's devastating hack of Ashley Madison, the cheating site that touts “Life is short. Have an affair,” has been leaked online, meaning the sexual secrets of millions could be all over the Internet.
A 10-gigabyte torrent file was uploaded Tuesday, containing emails, member profiles, credit card information and other sensitive Ashley Madison information that would be quite embarrassing if made public. Upon combing through the torrent, researchers found a trove of important information stolen from a site, but the fact that it’s Ashley Madison’s data has yet to be confirmed. User data includes email addresses, profile information, user-provided addresses, height and weight. Another portion of the file contained credit card transaction data, but not full payment card numbers or billing addresses.
Hackers also leaked users' passwords; however, they were left in an encrypted format. Regardless of how securely the passwords were stored, it's likely a majority of the hashes will be cracked due to the use of weak passwords. Strong passwords are extremely effective at lengthening the time it takes to crack them; however, this may be the least of some individuals' worries.
Ashley Madison officials have acknowledged the public leak of information, but stopped just short of confirming the information was from them.
“We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data,” the company said in an emailed statement. “We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.”
Screenshots of the database have been leaked online, showing that the dump contains files labeled “aminno_member_dump.gz,” “aminno_member_email.dump.gz,” “CreditCardTransactions7z,” and “member_details.dump.gz,” indicating the breach could contain extremely sensitive material.
Hackers included a message to Avid Life Media, the company behind Ashley Madison and other cheating and affair-style sites. In the message, which included a link to the torrent file, the hackers wrote:
Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.
Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.
Any data not signed with key 6E50 3F39 BA6A EAAD D81D ECFF 2437 3CD5 74AB AA38 is fake.
Individuals across the web have begun to discuss the contents of the database, as plenty of fake Ashley Madison dumps are making the rounds. According to those who have combed through the data, a surprising number of names and other pieces of personally identifying information appear to be falsified.
Assuming the leak is authentic, people should remember that anyone with a keyboard can create an account using the name and e-mail address of just about anyone, including someone else's. This means that finding someone in the database doesn’t automatically prove them guilty, as it may not have been them behind the account. However, it would be quite hard for users in the database to dispute credit card transactions, as not every average Joe commits credit card fraud and gets away with it on an affair site. Still, the data could prove devastating if utilized by divorce attorneys, blackhat hackers and fraudsters, among others.
Ashley Madison issued a statement regarding the massive dump, writing:
“Last month we were made aware of an attack to our systems. We immediately launched a full investigation utilizing independent forensic experts and other security professionals to assist with determining the origin, nature, and scope of this attack. Our investigation is still ongoing and we are simultaneously cooperating fully with law enforcement investigations, including by the Royal Canadian Mounted Police, the Ontario Provincial Police, the Toronto Police Services and the U.S. Federal Bureau of Investigation.
We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data. We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.
This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.
Every week sees new hacks disclosed by companies large and small, and though this may now be a new societal reality, it should not lessen our outrage. These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives. Regardless, if it is your private pictures or your personal thoughts that have slipped into public distribution, no one has the right to pilfer and reveal that information to audiences in search of the lurid, the titillating, and the embarrassing.
We know that there are people out there who know one or more of these individuals, and we invite them to come forward. While we are confident that the authorities will identify and prosecute each of them to the fullest extent of the law, we also know there are individuals out there who can help to make this happen faster. Anyone with information that can lead to the identification, arrest and conviction of these criminals, can contact [email protected]”