Hackers call Time on Ashley Madison -- with huge data dump
- 19 August, 2015 13:14
The Ashley Madison hackers have released the site's user data, as threatened. Or, at least, that's what they say they've done.
There are strong indications that the data is real -- at least, that it's come from the site. However, it's likely that much of the data is forged or bogus in some way, so don't believe everything you read.
"Life is short. Have an affair." -- that was Ashley Madison's strapline. Worryingly, for some spouses whose names appear in the dump, life might indeed be short.
In IT Blogwatch, bloggers tread carefully.
Your humble blogwatcher curated these bloggy bits for your entertainment.
Kim Zetter got the tipoff:
9.7 gigabytes...was posted on Tuesday to the dark web. ... The files appear to include account details and log-ins for some 32 million users. ... Seven years worth of credit card and other payment transaction details are also part of the dump...millions of payment transactions, includes names, street address, email address and amount paid, but not credit card numbers.
Last month, the hackers, who called themselves the Impact Team, demanded that Avid Life Media, owner of AshleyMadison.com and...Established Men, take down the two sites. ... Despite promising customers to delete their user data from the site for a $19 fee, the company actually retained the data...the hackers claimed. “Too bad for those men, they...deserve no such discretion,” the hackers wrote. “Too bad for ALM, you promised secrecy but didn’t deliver.”
It’s important to note that Ashley Madison’s sign-up process does not require verification of an email address...so legitimate addresses might have been hijacked. ... One email in the data dump, for example, appears to belong to former UK Prime Minister (Tony Blair). MORE
Is it real? Brian Krebs says so, for three reasons:
I’ve now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database. ... It’s been almost exactly 30 days since the original hack. ... All of the accounts created at Bugmenot.com for Ashleymadison.com prior to the original breach appear.
I’m sure there are millions of AshleyMadison users who wish it weren’t so, but there is every indication this dump is the real deal.
My first report on this breach quoted...CEO Noel Biderman saying the company suspected the culprit was likely someone who [had] had legitimate access to the company’s internal networks. I’d already come to the same conclusion...and I still believe that’s the case. [He said] investigation is still ongoing and that the company is simultaneously cooperating fully with law enforcement.
Readers should understand...that just finding someone’s name, email address and other data...doesn’t mean that person was a real user [because] AshleyMadison never bothered to verify the [data]. MORE
The company statement is rather equivocal:
We are actively monitoring and investigating this situation to determine the validity of any information posted. ... We will continue to put forth substantial efforts into removing any information unlawfully released.
This event is not an act of hacktivism, it is an act of criminality. ... The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner. ... These are illegitimate acts that have real consequences for innocent citizens. ... No one has the right to pilfer and reveal that information to audiences in search of the lurid, the titillating, and the embarrassing. ... Anyone with information [on] these criminals, can contact firstname.lastname@example.org. MORE
Graham Cluley recounts what happened after the initial announcement last month:
Nothing. Well, Ashley Madison didn't shut down at least. Maybe some members tried to delete their accounts in panic (although that was rather like closing the door after the horse had bolted).
Chances are that many people who are members of the Ashley Madison website will feel uncomfortable with their boss, friends, partner or mother-in-law knowing about it. ... It's easy to imagine that some people might be vulnerable to blackmail. ... There could be genuine casualties as a result. And yes, I mean suicide.
Journalists and commentators would be wise to remember that the [data] must be considered suspect because of [Avid's] shonky practices. MORE
Commentators such as Jon Stephens, perhaps?
People's sex lives are their own business, married or not. But I find it difficult to drum up any sympathy for marrieds who are foolish enough to go looking for something on the side via a big flashy commercial website.
Internet privacy was over at least a decade ago. MORE
But Bruce Ide marches in with this:
I just felt a strange disturbance in The Force, as if a million divorce lawyers suddenly yelled out "CHA-CHING!" and then... yelled out "CHA-CHING!" again. MORE
Meanwhile, Christopher Hacking goes off on this philosophical, epidemiological, historical tangent:
Humans aren't really wired very well for monogamy. ... Most of the way we view the topic is due to societal expectation. Throughout history...various forms of consensual non-monogamy have been practiced...even in "modern" culture. If you think you can truly be your partner's everything, the only one they'll ever need to provide everything they desire, then (statistically speaking) you're delusional.
Cheating may feel inhumane, but it is very, very human. MORE
You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or email@example.com. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.