The “Impact Team” hackers who stole client information from adultery website Ashley Madison have made good on their threat to release the information. It reportedly contains over fifteen thousand government and military email addresses.
The hackers had demanded Ashley Madison’s parent company take down the site, plus its sister websites. It wasn’t entirely a moral crusade against the very notion of a web service catering to people who wanted to cheat on their husbands and wives – the Impact Team was more specifically angry about a paid service of the site that claimed to erase all user data, to preserve the anonymity of departing customers. According to the hackers, the service did not actually erase those user profiles, and they stole the user database to prove it.
There are said to be some 37 million users on the Ashley Madison service.
As The Hill observes, Washington D.C. is said to have the highest membership rate of any city, so the data dump is going to hit our nation’s capital like a bomb… at the very moment American voters are professing themselves sick unto death of the corrupt establishment, and turning to professed outsider candidates in both parties. It will be interesting to see if any of those candidates make an issue of the Ashley Madison story.
The Hill also cites reports from international news outlets that while most Ashley Madison customers were American and Canadian, “British government officials, United Nations employees and Vatican staff” have been discovered in the leaked database.
Numerous news and tech websites have quoted security experts who say the Ashley Madison dump, a massive file of nearly 10 gigabytes pushed through the Tor “dark net” system on Tuesday, appears to be legitimate.
The owners of the website, Avid Life Media, also confirmed to Reuters that “some legitimate data had been stolen from it and published online,” although they claim the company “has never stored credit card information on its servers.” Reuters reports these assertions are contradicted by several individuals who were Ashley Madison users, and found both their personal and credit-card information contained in the data dump.
Wired reports it contains 32 million user profiles, including seven years’ worth of credit card and other payment transaction details (but not the full credit card numbers, only the last few digits) plus full names, street addresses, and other personal details of the aspiring adulterers. It is speculated that many of the user profiles contain bogus names and street addresses, but the payment transactions were provided to help establish each user’s true identity.
The file also includes descriptions of what each user desires in a hookup partner, such as an example provided by Wired:
“I’m looking for someone who isn’t happy at home or just bored and looking for some excitement,” wrote one member who provided an address in Ottawa and the name and phone number of someone who works for the Customs and Immigration Union in Canada. “I love it when I’m called and told I have 15 minutes to get to someplace where I’ll be greeted at the door with a surprise—maybe lingerie, nakedness. I like to ravish and be ravished … I like lots of foreplay and stamina, fun, discretion, oral, even willingness to experiment—*smile*”
Oh yes, this is going to get ugly. Wired also reports there were encrypted passwords in the dump, which enterprising hackers might be able to decipher and use to access accounts on Ashley Madison to read personal correspondence and uncover still more details about the users. The pressure to take the site offline is probably going to grow even more intense, while attracting new customers becomes more difficult.
The Quartz tech website, whose correspondents also believe the Ashley Madison data is genuine, posted some sample entries from the file, along with the announcement from the Impact Team, entitled “Time’s Up!”
Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
Find someone you know in here? Keep in mind that the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.
Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.
Any data not signed with key 6E50 3F39 BA6A EAAD D81D ECFF 2437 3CD5 74AB AA38 is fake.
Avid Life Media’s statement in response to the release claims the company is “actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort,” and will “continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.”
The statement continues with a denunciation of hacking and “hacktivism” in general:
This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.
Every week sees new hacks disclosed by companies large and small, and though this may now be a new societal reality, it should not lessen our outrage. These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives. Regardless, if it is your private pictures or your personal thoughts that have slipped into public distribution, no one has the right to pilfer and reveal that information to audiences in search of the lurid, the titillating, and the embarrassing.
The company also asks anyone with information about the identity of the Impact Team to come forward and help the authorities prosecute the hackers more swiftly.
As for the effort to suppress the spread of the disclosed data, that’s even harder to pull off on the dark net than it is on the regular searchable Internet. Reuters reports that “lists of email addresses quickly popped up in more accessible parts of the Web, threatening to wreak havoc on relationships across the globe.”