Ashley Madison Hackers Post the Site’s User Data

Ashley Madison homepage (Ashley Madison)

Ashley Madison homepage (Ashley Madison)

Happy Friday! Remember when cheating site Ashley Madison was hacked last month? And how the hackers threatened to release user data to the whole Internet?

Well, they’ve finally done it. The Impact Team, as the group of hackers is known, put the data online on the Dark Web, which can only be reached using specialized equipment. They dumped a jaw-dropping 9.7 GigaBytes (GBs) of data that went back to 2008.

(For context/scale, I have a 4 TeraByte (TB) external hard drive that I keep old school projects and work on. I’ve had that thing for over 6 years, and still haven’t filled it up. One TB is equal to .001 GBs. So you can imagine how voluminous this data breach truly is.)

There seems to be some disagreement over exactly how many users had data leaked. “CNN Money” claims 32M, while “Wired” and “Engadget” put the number closer to 37M.

As of July, Ashley Madison claimed to have 40M+ users.

Ashley Madison data dump (Gizmodo)

Ashley Madison data dump (Gizmodo)

Among the metrics leaked were users’  names, addresses and phone numbers. “Wired” looked into some initial data analysis:

A sampling of the data indicates that users likely provided random numbers and addresses, but files containing credit card transactions will yield real names and addresses, unless members of the site used anonymous pre-paid cards. One analysis of email addresses found in the data dump also shows that some 15,000 are .mil. or .gov addresses.

Passwords were broken by “hashing,” or breaking into the algorithm a site would use to protect passwords. The hackers used the “bcrypt” algorithm used in web development language PHP. This is usually a secure measure to protect passwords. But hey, at least Ashley Madison tried:

It’s notable, however, that the cheating site, in using the secure hashing algorithm, surpassed many other victims of breaches we’ve seen over the years who never bothered to encrypt customer passwords.

Have a great weekend, and go change your passwords!

Advertisements

Ashley Madison Hacked: Is Your Data Safe?

Ashley Madison homepage (Ashley Madison)

Ashley Madison homepage (Ashley Madison)

Earlier this month, online dating/cheating site Ashley Madison had its data breached by a group called The Impact Team. The group is lobbying for completely shutting down the site, and has been threatening to release users’ sensitive information if their demands aren’t met. Their demands are aimed at Avid Life Media (ALM), Ashley Madison’s parent company head-quartered in Toronto.

The hackers have leaked personal information from only two people so far. Considering that the site has around 37M-40M registered users, this is miniscule. The group is specifically targeting Ashley Madison’s “full delete” feature, where a user must pay to get his information scrubbed from the site. According to The Impact Team, the feature “netted ALM $1.7M in revenue in 2014.”

This is significant because it’s the second online dating site that’s encountered a massive data breach within a few months: Adult Friend Finder went through a similar situation back in May. But this case is unique in that it’s the only one that’s fallen prey to what ‘Time” calls “data kidnapping:” the hackers won’t leak the data unless they get what they want.

Ashley Madison is ranked #18 in adult sites, and received 124K+ visits on desktop since January 2015.