Happy Friday! Remember when cheating site Ashley Madison was hacked last month? And how the hackers threatened to release user data to the whole Internet?
Well, they’ve finally done it. The Impact Team, as the group of hackers is known, put the data online on the Dark Web, which can only be reached using specialized equipment. They dumped a jaw-dropping 9.7 GigaBytes (GBs) of data that went back to 2008.
(For context/scale, I have a 4 TeraByte (TB) external hard drive that I keep old school projects and work on. I’ve had that thing for over 6 years, and still haven’t filled it up. One TB is equal to .001 GBs. So you can imagine how voluminous this data breach truly is.)
There seems to be some disagreement over exactly how many users had data leaked. “CNN Money” claims 32M, while “Wired” and “Engadget” put the number closer to 37M.
As of July, Ashley Madison claimed to have 40M+ users.
Among the metrics leaked were users’ names, addresses and phone numbers. “Wired” looked into some initial data analysis:
A sampling of the data indicates that users likely provided random numbers and addresses, but files containing credit card transactions will yield real names and addresses, unless members of the site used anonymous pre-paid cards. One analysis of email addresses found in the data dump also shows that some 15,000 are .mil. or .gov addresses.
Passwords were broken by “hashing,” or breaking into the algorithm a site would use to protect passwords. The hackers used the “bcrypt” algorithm used in web development language PHP. This is usually a secure measure to protect passwords. But hey, at least Ashley Madison tried:
It’s notable, however, that the cheating site, in using the secure hashing algorithm, surpassed many other victims of breaches we’ve seen over the years who never bothered to encrypt customer passwords.
Have a great weekend, and go change your passwords!