Well, alrighty then. When Ashley Madison, the “Lift is short. Have an affair” tool to find other cheating minded people got hacked earlier this year, we all heard that the amount of information stolen from it was pretty substantial. Well, according to an executives at more than one internet security company, we now know that the hack itself was HUGE thanks to a data dump by “Impact Team” the people claiming responsibility for the hack. From The Hill:
“This dump appears to be legit,” said David Kennedy, CEO of information security company TrustedSec, which monitors cyber attacks, in a blog post. “Very, very legit.”….
The leaked database is staggering, according to researchers, and larger than expected at 37 million records, or nearly 10 gigabytes compressed.
“For folks that may not know, that is massive,” Kennedy said. “Huge.”
“It’s full account information,” said Robert Graham, CEO of Errata Security, in a blog post. That includes full names, emails, phone numbers, addresses and passwords.
“It also includes dating information, like height, weight, and so forth,” Graham added. “It appears to contain addresses, as well as GPS coordinates. I suspect that many people created fake accounts, but with an app that reported their real GPS coordinates.”
To add insult to injury in this case, the people responsible, made all the data stolen publicly available in a data dump. At this time, according to Digital Trends, the information is only available via a Tor browser on the dark web, but sooner or later all of it will make its way to the mainstream. Wired claims that the information goes back eight years and includes transactions which opens a lot of people to the risk of credit card fraud.
At this point, several site users have identified their own information within the data dump that has been published in order to shame the people on it, according to “Impact Team”.
“Find yourself in here?” they said in a statement posted with the data dump. “It was [Avid Life Media] that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”
That would be lovely except for the 15,000 government related email addresses found in the dump. Apparently, many of them were from a domain that isn’t actually used by government workers, whitehouse.gov, but still there were many from servers connected to both houses of Congress, the State Department (shocked? me neither) and the Department of Homeland Security. There were also several from military address. Even the Brits found some emails related to their government servers.
The Digital Trends piece includes more information from the Impact Team statement that may give insight to motivation for the hack and the data dump:
The group said it was prompted to hack the site because it was angered by the “fraud, deceit and stupidity of ALM and their members.” It criticized the apparent dishonesty of AshleyMadison’s “full delete” feature that promises to entirely remove all data linked to a profile for a fee of $19. Impact Team called this a “complete lie,” claiming former members’ information was retained by the site’s operator. Ashley Madison denied Impact Team’s claim.
“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” Impact Team wrote in July. “Too bad for ALM, you promised secrecy but didn’t deliver.”
In a statement accompanying Tuesday’s data dump, the hackers said ALM had failed to take down Ashley Madison and Established Men, so “now everyone gets to see their data.”
It added, “Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.”
Looks like someone either got caught or scorned and went for revenge, and ruined a lot of lives in the process – possibly even thousands of government workers. (Washington, D.C. has more Ashley Madison members than any other city.) All this goes to prove is be careful where you go and what you do on the internet. It can always come back to haunt.