How Many Media Company Employees Had Ashley Madison Accounts?

Ashley Madison homepage (Ashley Madison)

Ashley Madison homepage (Ashley Madison)

Happy Friday! Ashley Madison: It’s the hack that keeps on giving. Every day brings a new joy. And here’s this one: The good people at “Gawker” (who’ve been doing a great job covering this whole thing) took a deep-dive into the data, all 9.7 GBs of it. Why? Well, to see how was dumb enough to use a work email as their AM registration email. (Personally, I’m surprised that nobody got called on the carpet after their network got wind of that verification email in their inbox.)

Now, you’d think that most people would know to use a throwaway email for this kind of thing, right? You’d think that, and you’d be wrong. At the time of the data dump, “Wired” reported that 15K+ domains belonging to the government and military were found, comprising .04% of the total emails found.

Here’s what Sam Biddle at “Gawker” found. (Incidentally, no emails registered to the Gawker domain were found).

'Gawker' Ashley Madison Email Data Analysis (Gawker)

‘Gawker’ Ashley Madison Email Data Analysis (Gawker)

So yeah, have some common sense as to when to use your work email. Have a great holiday weekend!

 

Ashley Madison Hackers Post the Site’s User Data

Ashley Madison homepage (Ashley Madison)

Ashley Madison homepage (Ashley Madison)

Happy Friday! Remember when cheating site Ashley Madison was hacked last month? And how the hackers threatened to release user data to the whole Internet?

Well, they’ve finally done it. The Impact Team, as the group of hackers is known, put the data online on the Dark Web, which can only be reached using specialized equipment. They dumped a jaw-dropping 9.7 GigaBytes (GBs) of data that went back to 2008.

(For context/scale, I have a 4 TeraByte (TB) external hard drive that I keep old school projects and work on. I’ve had that thing for over 6 years, and still haven’t filled it up. One TB is equal to .001 GBs. So you can imagine how voluminous this data breach truly is.)

There seems to be some disagreement over exactly how many users had data leaked. “CNN Money” claims 32M, while “Wired” and “Engadget” put the number closer to 37M.

As of July, Ashley Madison claimed to have 40M+ users.

Ashley Madison data dump (Gizmodo)

Ashley Madison data dump (Gizmodo)

Among the metrics leaked were users’  names, addresses and phone numbers. “Wired” looked into some initial data analysis:

A sampling of the data indicates that users likely provided random numbers and addresses, but files containing credit card transactions will yield real names and addresses, unless members of the site used anonymous pre-paid cards. One analysis of email addresses found in the data dump also shows that some 15,000 are .mil. or .gov addresses.

Passwords were broken by “hashing,” or breaking into the algorithm a site would use to protect passwords. The hackers used the “bcrypt” algorithm used in web development language PHP. This is usually a secure measure to protect passwords. But hey, at least Ashley Madison tried:

It’s notable, however, that the cheating site, in using the secure hashing algorithm, surpassed many other victims of breaches we’ve seen over the years who never bothered to encrypt customer passwords.

Have a great weekend, and go change your passwords!