Ashley Madison hackers reveal personal information of site members

By Jasper Oregas & Liu Hongzuo - on 20 Aug 2015, 1:58pm

Ashley Madison's site banner.

Remember how Ashley Madison, an online cheating website, was hacked by a group called “The Impact Team”, which gained access to the entire database of personal information belonging to the site’s 37 million users? A month has passed since the hacking incident, and the hackers have now taken further action. In a press release found on the Dark Web, the hackers declared that Avid Life Media (ALM) – Ashley Madison’s parent company – has failed to remove the infidelity-encouraging website, resulting in the leak of all personal information of Ashley Madison users on the Dark Web (and subsequently, the Internet).

Verification of AM's database leak. Source: Ars Technica.

According to Ars Technica, the leak is a file dump of approximately 10GB that can be torrented, and it contains email addresses, member profiles, credit card transaction records, and other confidential information (such as fetishes) of the members.

The Impact Team's announcement of leak, found on the Dark Web. Source: Krebs on Security.

The hackers’ announcement was initially made through a text-based magazine found on the Dark Web known as Quantum Magazine, which in turn posted a skeletal press release by The Impact Team. Previously, The Impact Team declared that the Full Delete option (where users pay a nominal fee to have their personal information erased from Ashley Madison’s database) was a ‘fraud’ that brought in US$1.7 million (S$2.39 million) in revenue for ALM in 2014. Even with the fee paid, ALM did not scrub away user information as promised.

Because ALM failed to comply with the threat, the hackers decided to take action by making the same database available to the public. The hackers supported their stance by referring to a 2013 lawsuit which highlighted the thousands of fake profiles created on the site to inflate the site’s membership count and encourage more sign-ups.

“90 – 95% of actual users are male,” said the text-only press release by The Impact Team. “Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters (sic).”

However, it is worth noting that Ashley Madison does not verify the e-mail addresses of its users, and it is entirely possible for users to misuse another person’s email address for the purpose of signing up and accessing the contents of the website.

Ashley Madison has taken the stance of painting the leak as a criminal act, and has published a press release to address the information leak.

“These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives,” said the online statement. “Regardless, if it is your private pictures or your personal thoughts that have slipped into public distribution, no one has the right to pilfer and reveal that information to audiences in search of the lurid, the titillating, and the embarrassing.”

Raja Bhatia, original founding chief technology officer of Ashley Madison, commenting through Brian Krebs’s computer security blog, said that the majority of the leak – which amounts to hundreds of gigabytes in total – is not entirely from the Ashley Madison personal information database. The rest of the dumps come from other hacked sources.

For people who do not wish to use the Dark Web, the contents of the leak can be torrented from the Internet.

Source: Ars Technica, Ashley Madison, Krebs on Security, Wired