Hackers Appear To Post Customer Data Of Affair-Enabling Website
A group of hackers, who calls itself the Impact Team, purportedly released a huge trove of data that appears to contain the account details of more than 30 million users of a website that helps married people cheat on their spouses.
As we reported, the hackers issued a warning back in July that if the company that runs AshleyMadison.com and its companion site EstablishedMen.com did not take the sites off line, they would make the information public.
At the time, the sites' parent company Avid Life Media had just raised its profile by backing a TV show and discussing a $200 million stock offering. Needless to say, the company stuck to its guns and kept the sites up.
Last night, a huge 10 gigabyte compressed file appeared on the dark web.
Analysts at the information security company TrustedSec looked through the data and have so far found 33 million usernames, first names, last names and street addresses.
Analysts at Errata Security found that the information also included GPS information and partial credit card data.
Both companies agree that the data appears to be legitimate.
"A sampling of the data indicates that users likely provided random numbers and addresses, but files containing credit card transactions will yield real names and addresses, unless members of the site used anonymous pre-paid cards. One analysis of email addresses found in the data dump also shows that some 15,000 are .mil. or .gov addresses.
"The data also includes descriptions of what members were seeking. 'I'm looking for someone who isn't happy at home or just bored and looking for some excitement,' wrote one member who provided an address in Ottawa and the name and phone number of someone who works for the Customs and Immigration Union in Canada. 'I love it when I'm called and told I have 15 minutes to get to someplace where I'll be greeted at the door with a surprise—maybe lingerie, nakedness. I like to ravish and be ravished ... I like lots of foreplay and stamina, fun, discretion, oral, even willingness to experiment—*smile*'"
The hackers released the information with a note saying time was up.
"We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data," the hackers wrote.
The hackers appeared to take issue with the morals of the sites but they had also previously taken issue with Ashley Madison's practice of charging customers to delete their data. The problem was that the site took the money but never actually scrubbed their servers of the data.
In their latest missive, the hackers took issue with the "thousands of fake female profiles" on the site. They advise people who find the name of a significant other among the leaked data to remember that while they were looking to cheat, they probably never did.
Avid Life Media issued a statement saying they were looking into the hack and were working with law enforcement agencies including the FBI.
"This event is not an act of hacktivism, it is an act of criminality," the company said. "It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world."
Copyright 2020 NPR. To see more, visit https://www.npr.org.