Data from Ashley Madison hack released in massive 10 GB dump

Scorpus

Posts: 2,159   +239
Staff member

It's about to get a whole lot worse for users of the infidelity-focused dating site Ashley Madison: a huge, 10 GB dump of data from last month's hack has been posted online, revealing all sorts of information about the website's users.

For starters, the data dump includes the usernames, first and last names, and hashed passwords for 33 million Ashley Madison accounts. On top of that, the dump includes 36 million email addresses (more than 15,000 of which are US government email addresses), and partial credit card data, partial addresses, transaction data, and phone numbers for a significant percentage of users.

It gets even worse, too. The profile data for pretty much every user is available in the dump, which means anyone can look through a find a user's sexual desires (such as "threesomes"), and their relationship statuses. Some of the associated names and other personal details will have been faked by the user to protect their identity, but naturally this won't be the case for everyone.

The data dump also includes a significant amount of Ashley Madison's internal documents, including contracts, sales techniques, employees' Windows credentials, and even PayPal account details belonging to executives. The data posted online includes basically everything stored on the company's servers, indicating this was a full-scale compromise of their IT infrastructure.

Many security researchers currently exploring the data dump, which is simply mammoth at 10 gigabytes when compressed, have confirmed that the information comes directly from Ashley Madison. The company themselves are yet to confirm the data dump is real, instead suggesting it contains fake information. However, many Ashley Madison users have been able to find their personal information among the dumped data, which indicates this is actually the real deal.

It's unclear exactly what Ashley Madison will do following this massive, unprecedented hack of their systems. Many of their users are in for a bad time if the data is used for blackmail purposes, and you'd suspect the owners of the site - and possibly the hackers if they're ever caught - will be in for a similarly bad time down the track.

Permalink to story.

 
It's unclear exactly what Ashley Madison will do following this massive, unprecedented hack of their systems.

It's perfectly clear what they will do. They'll issue a statement saying that they will do everything in their power to protect their clients. Those clients will subsequently dump the service and it will be relegated to the graveyard of once-prolific services.
 
I find this hilarious and don't sympathize with the sites users at all. If they were stupid enough to join and trust a site like this then they'll get what's coming to them, deservedly so.
As for the unscrupulous owners and admins of the site, I feel even less.
 
Last edited:
Krebs and Graham Cluley are reporting that there are fake dumps also being released. Nice way to cloud the release from spectators who know very little about systems and have access to torrent.
 
OK, those people who used a government email address deserve this, I mean how STUPID do you have to be to use a work email for this? With so many throw away and free email sites you use your work address for a cheating website? I guess Forrest's mama was right, stupid is as stupid does.
 
OK, those people who used a government email address deserve this, I mean how STUPID do you have to be to use a work email for this? With so many throw away and free email sites you use your work address for a cheating website? I guess Forrest's mama was right, stupid is as stupid does.

Not how it works. Services like AM won't allow membership for people who use known throwaway providers for their email.
 
I'm thinking this was an inside job. Some disgruntled employee (who was probably cheated on using the site) decided to back up the company's entire server onto an external hard drive. I doubt it was some big bad hacking group targeting them across the internet. Usually the simplest explanation is the most plausible.
 
I don't sympathize with members of this website at all and I'm personally glad something like this happened. as a person who has been cheated on I feel this kind of website shouldn't exist in the first place. anyone who's been cheated on can understand that being cheated on is one of the hardest things you could go through in life and can cause severe damage. if you want to sleep with other people you simply need to end the relationship you're currently in, not sneak around behind someones back. I hope the released information gets alot of people caught and destroys their relationships. not a single person deserves to be hurt by being cheated on, no matter how good or bad of a person they are. if you truly love someone and are under the impression they love you back in the same way or on a higher level, almost nothing is worse than finding out they have cheating or are currently cheating. the only upside of finding something like this out is the new possibilities it opens and that you may find a better person and everyone deserves to be happy with someone who is faithful.
 
Looks like I made a few grammatical mistakes in my little short story lol. oh well. it was alot of typing. should of proofread I guess.
 
Not how it works. Services like AM won't allow membership for people who use known throwaway providers for their email.
Have experience with this do ya? Either way you can EASILY make a gmail or outlook or yahoo account and use it only for this there is never a need to use a job email for something like this.
 
Not how it works. Services like AM won't allow membership for people who use known throwaway providers for their email.
Have experience with this do ya? Either way you can EASILY make a gmail or outlook or yahoo account and use it only for this there is never a need to use a job email for something like this.

I think they required credit card validation.
 
Have experience with this do ya? Either way you can EASILY make a gmail or outlook or yahoo account and use it only for this there is never a need to use a job email for something like this.

Yes, actually. Tinder and AFF. The problem with using fake credentials on these services is that it means you can't actually use the services. Once you throw in CC and the other verification, payment, and arrangement methods, choosing to use a work email is reduced to moronic violation of company policy.

Besides, if you're trying to go under the radar on a spouse, the best place to do it is on a work email. Using a dummy account is a ticking time bomb (not that playing with risk didn't burn everyone on Ashley Madison).
 
I think they required credit card validation.
Prepaid credit cards can be filled at Walmart with cash and work like real ones. If you really wanted to stay somewhat anon on these things it is possible it just takes work.
 
Back