Cheaters outed as hackers dump 9.7Gb of data from Ashley Madison on dark web

19 Aug 2015

Cheaters' worst nightmare - including 115,000 details of Irish people - may have come true as hackers publish 9.7GB of data to the dark web.

Hackers have followed through on their promise to reveal data from cheating website Ashley Madison: some 9.7Gb of data was posted last night to the dark web, potentially sparking cheaters’ worst nightmares.

It is understood the Ashley Madison data was posted to the dark web using an Onion address that is accessible only through the Tor browser, including details and logins of the 32m members of the social-networking site for cheaters.

AshleyMadison.com is a website that enables married people to seek potential partners for affairs.

It emerged in recent weeks that Ashley Madison was hacked and hackers were threatening to expose the data of millions of users. The hackers, calling themselves Impact Team, demanded that the website shut down or they would expose the data.

Among those who will be sleeping poorly tonight are the alleged 115,000 Irish users of the site. Irish people were ranked 10th per capita globally in the list of worldwide members of cheaters on Ashley Madison, with apparently 2.5pc of the population signed up, The Irish Times reported.

The dating website for affairs called Ashley Madison is just one of a conglomerate of three hook-up websites — the other two being Cougar Life and Established Men, the latter of which also had its information hacked — run by a Canadian company called Avid Life Media (ALM).

The 9.7Gb file posted to the dark web is believed to contain emails, member profiles, credit card transactions and other information that can be obtained as a BitTorrent download.

The dump also included passwords that were cryptographically protected using the bcrypt hashing algorithm.

“Avid Life has failed to take down Ashley Madison and Established Men,” the hackers wrote.

“We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.”

Lipstick on the Ashley Madison servers told a tale on you

ashley-madison-timeisup

“We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data,” ALM said in a statement.

“We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort.”

ALM slammed those responsible. “This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities.

‘Every week sees new hacks disclosed by companies large and small, and though this may now be a new societal reality, it should not lessen our outrage. These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives’
– ALM

“The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.

“Every week sees new hacks disclosed by companies large and small, and though this may now be a new societal reality, it should not lessen our outrage. These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives.

“Regardless, if it is your private pictures or your personal thoughts that have slipped into public distribution, no one has the right to pilfer and reveal that information to audiences in search of the lurid, the titillating, and the embarrassing.”

According to Krebs On Security, a former Ashley Madison CTO who has been consulting with the company since the hack became public has doubted the veracity of the data that has been dumped and has suggested the data may be fake.

“There’s definitely not credit card information, because we don’t store that,” Raja Bhatia said. “We use transaction IDs, just like every other PCI-compliant merchant processor. If there is full credit card data in a dump, it’s not from us, because we don’t even have that.”

Either way, if there’s a sliver of evidence in the dump that suggests married individuals had been planning or engaging in extracurricular activities, it is poor comfort for Ashley Madison’s users.

Affair image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com