The Impact Team leaks data on up to 37m Ashley Madison adulterers

20.08.2015
Hackers have published details of people that use adultery website Ashley Madison, it has been reported.

The data, which includes the email addresses of Ashley Madison users, was published on the dark web, meaning it could only be accessed via an encrypted browser known as Tor. However, some other websites have since duplicated the data.

Technology publication Wired said 9.7GB of data had been published, adding that it appeared to show member account details and credit card details that go back to 2007.

Specifically, the data dump contains the usernames, first names, last names, street addresses and more of some 33 million users. Partial credit card details have also been published, along with records documenting 9.6 million transactions and 36 million email addresses.

Over 100 official UK government email addresses have been found in the the Ashley Madison files. Also among the email addresses were more than 15,000 accounts created with US .mil or .gov email addresses.

The data also includes descriptions of what 64 members were looking for on Ashley Madison.

"I'm looking for someone who isn't happy at home or just bored and looking for some excitement," wrote one member, according to Wired. The same file contained an address in Ottawa and the name and phone number of someone who works for the Customs and Immigration Union in Canada. "I love it when I'm called and told I have 15 minutes to get to someplace where I'll be greeted at the door with a surprise maybe lingerie, nakedness. I like to ravish and be ravished I like lots of foreplay and stamina, fun, discretion, oral, even willingness to experiment*smile*"

Passwords featured in the leak are hashed using the secure bcrypt algorithm. The difficulty and cost of decrypting all the passwords in the database means they will likely remain encrypted, but any users of Ashley Madison that want to minimise the risk of being exposed should change their password and any duplicates.

Susan Moss, a divorce lawyer at Chemtob Moss and Forman in New York City said: "Here comes the Tsumani! With this release of data, every curious spouse is going to check to see if their partner is on this list. This will lead to an influx of more divorces or at the very least some very difficult conversations. My advice, the news always is better received if coming from the cheating spouse directly. Otherwise, I have seen these cases turn into wars."

It's possible that some users provided fake details when they signed up, including random numbers and addresses. However, files containing credit card transactions will show real names and addresses, unless users of the site provided anonymous pre-paid cards.

The data was stolen last month by hackers that threatened to publish it unless the match making site for married people was taken down.

Some data was released in July but Avid Life Media, which owns Ashley Madison, has confirmed that more data has now been leaked.

The Canada-based company said it had "now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data".

It added: "The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world."

The group behind the hack refer to themselves as "The Impact Team".

"Avid Life Media has failed to take down Ashley Madison and Established Men," Wired quoted Impact Team as saying in a statement accompanying the latest posting.

"We have explained the fraud, deceit, and stupidity of ALM [Avid Life Media] and their members. Now everyone gets to see their data," the hackers said, according to Wired.

Shortly after the breach, a hacking insider told Sky News that hackers could sell the data they hold on Ashley Madison's 37 million cheating users for a large profit.

Initially the hackers released just 40MB of data, including some credit card details and several documents about its parent company Avid Life Media (ALM).

The hackers said they were prepared to release all customer records, including the "secret sexual fantasies" of members, unless the site was closed.

Ashley Madison, whose tagline is "Life is Short. Have an Affair", is founded on confidentiality and privacy. It facilitates relationships between married people looking to cheat on their spouse.

The Impact Team targeted ALM over its Full Delete feature - a £15 ($19) service that allows Ashley Madison users to remove their profile and all accompanying information. The hackers claim that ALM doesn't actually delete everything, stating that the user's real name and credit card details remain online.

In April, ALM claimed Ashley Madison was the second most popular dating site in the world, losing out only to dating giant Match.com. It also claimed Ashley Madison had 1.2 million users in Britain.

Commenting at the time of the hack, Kassem Younis, a privacy expert and CEO of Thoughts Around Me, an app that lets people share things anonymously about issues affecting their everyday lives, said Ashley Madison has let its users down by failing to protect them.

"There are many reasons why people would want to protect their identities online - whether or not you agree with the premise of this particular service, users have placed their trust in Ashley Madison and have been badly let down. What is most worrying is that this points to a wider trend of anonymous apps and websites being hacked, including Secret in August 2014.

"The scale of this hack is what will trouble the UK's 1.2 million users the most. With reports that Ashley Madison's customers have had everything from their credit card details to their real names and even their sexual fantasies compromised, there may be a lot of red faces in the UK this morning and much damage has likely already likely been done."

ALM revealed in April that it planned to float on the London Stock Exchange as it looked to raise money from investors hungry to cash in on the success of dating startups.

The company tried floating in Toronto five years ago, only to be greeted to a lack of appetite among cautious North American investors.

"Europeans have a more laissez-faire attitude toward infidelity," said Christoph Kraemer, head of international relations for Ashley Madison at the time. "Investors here will look past that and at the numbers."

(www.techworld.com)

By Sam Shead