
'Time's up': Hackers claim to post Ashley Madison user data online

cigaretteman

Hackers claim to have leaked a massive list of users from Ashley Madison, a matchmaking website for cheating spouses, saying its owners had refused to bow to their demands to close the site.

A message posted online said "Time's Up!" and accused parent company Avid Life Media of deceit and incompetence.

"Now everyone gets to see their data," the statement said.

Toronto-based Avid Life Media, Inc. said in a statement Tuesday that it was aware of the claim and was investigating.


Ashley Madison officials released a statement, saying, "We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data."

"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner," the company said.

The Associated Press wasn't immediately able to determine the authenticity of the leaked documents, but several security analysts who have scanned the data say they believe the dump is genuine.

One of them, TrustedSec CEO Dave Kennedy, said the dump included full names, passwords, street addresses, credit card information and "an extensive amount of internal data."

In a blog post, he said it seemed the hackers had access to Ashley Madison "for a long period of time."

Errata Security CEO Rob Graham said he had counted more than 36 million accounts, although many appeared to be bogus. The overwhelming majority of the users were male, he said in a separate blog post.

The hackers' motives aren't entirely clear, although they have accused Ashley Madison of faking female profiles to keep male users interested. In its statement, Avid Life Media accused the hackers of seeking to impose "a personal notion of virtue on all of society."

A call to Avid Life Media wasn't immediately returned. The hackers didn't immediately return messages.

http://www.chicagotribune.com/business/ct-ashley-madison-leak-20150819-story.html
 
Errata Security CEO Rob Graham said he had counted more than 36 million accounts, although many appeared to be bogus.

No way!

The overwhelming majority of the users were male

No way!

The hackers' motives aren't entirely clear, although they have accused Ashley Madison of faking female profiles to keep male users interested.

No way!

The hackers didn't immediately return messages.

No way!
 
Read somewhere last night there were 44 whitehouse.gov email addresses included.
 
Isn't there a website that "outs" cheaters by state? Seems I saw something like that around here.
 
Read somewhere last night there were 44 whitehouse.gov email addresses included.

How many of those are legit sign-ups, I wonder? Maybe it's not possible to create an account in the name of somebody else, but I'd guess plenty of people tried that if it is possible. Why not create accounts for politicians, actors, etc?
 
Read somewhere last night there were 44 whitehouse.gov email addresses included.

I seriously hope these are made up profiles by the hackers. I know a lot of government employees/officials are rather stupid but I find it hard to believe they would create a random email account if they were stupid enough to go on this website - assuming they were married anyway.
 
The several hundred real, active members are now probably happy that we'll have to sift through 40 million fake names to find them.

Do people really use real names, addresses? Brilliant!
 
When a team of hackers calling themselves “the Impact Group” claimed to break into spouse cheating site Ashley Madison last month, millions of users held their breaths: See, even though Ashley Madison confirmed there was a hack, no one had posted any actual user data yet.

That changed Tuesday evening, when the Impact Group published a 10-gigabyte trove of user data — including names, phone numbers, e-mail addresses and credit card fragments — to the Dark Web.

While Ashley Madison has not confirmed that the information is authentic, several security researchers have already said that it appears to be: Multiple users have independently confirmed that their names appeared in the leak.

A statement posted by the Impact Team on Aug 18.

But if you’re worried about appearing on the list, yourself, you don’t need to download Tor or scour Pirate Bay for the right Torrent. At least three sites are republishing Ashley Madison’s user data on the public-facing Internet.

CheckAshleyMadison.com, which went up overnight, will tell you if an e-mail address or phone number appears in the leaked files. (“Ashley Madison users who were in committed relationships were taking comfort in the fact that their significant others were not able to Torrent things,” the site’s creator told The Washington Post. “Our site upsets that in making it easier for people to find out if their spouse was a part of the site.”)

Trustify, a sort of Uber for private eyes, said in a statement that it was also updating its hacked-e-mail search tool to add the Ashley Madison files.

And Have I Been Pwned, a site that tracks major data breaches around the Web, just finished loading more than 30.6 million e-mail addresses into its database; unlike the other sites, however, Have I Been Pwned will only share data from the Ashley Madison leak with users who have verified their e-mail address with the service and subscribed for notifications.

In other words, Have I Been Pwned (HIBP) will not allow suspicious spouses, nosy co-workers or other passersby to see if someone else was an Ashley Madison user. It will only allow the actual user to check if his or her name was included in the leak.

It’s a novel response to a situation whose ethics remain enormously murky: If private data is hacked — particularly sensitive, compromising data — who is ultimately responsible for the consequences of that leak? Is it the site that failed to secure the data, the hackers who obtained it, the third parties who republished it, often for profit — or some combination of the three?

“There’s no escaping the human impact of it,” HIBP’s creator, Troy Hunt, wrote in a lengthy blog post explaining why the Ashley Madison data wouldn’t be searchable on his site. “The discovery of one’s spouse in the data could have serious consequences … I’m not prepared for HIBP to be the avenue through which a wife discovers her husband is cheating, or something even worse.”

In the meantime, the data dump has already yielded some intriguing insights into who actually used Ashley Madison: One analysis by the self-identified hacker @T0x0, posted Tuesday night to Pastebin, found more than 6,700 Army e-mail addresses in the leak, as well as 1,600 from the Navy, 104 from Virginia state government and 45 from the Department of Homeland Security.

While those numbers haven’t yet been confirmed — and while some of the e-mail addresses could certainly be faked — that’s in keeping with earlier findings from Ashley Madison, which has said that nearly 60,000 of its users are registered in the District of Columbia.

https://www.washingtonpost.com/news...pear-in-the-ashley-madison-leak/?tid=pm_pop_b
 
How many of those are legit sign-ups, I wonder? Maybe it's not possible to create an account in the name of somebody else, but I'd guess plenty of people tried that if it is possible. Why not create accounts for politicians, actors, etc?

This is a legitimate question. From a piece I read last night, AM didn't have any process in place to validate email addresses. That should mean that anyone could create a profile with any email address out there. On the one hand, I could certainly see some people creating profiles using email addresses of prominent people....on the other, I know quite a few people who use their work email addresses for just about everything.
 
This is a legitimate question. From a piece I read last night, AM didn't have any process in place to validate email addresses. That should mean that anyone could create a profile with any email address out there. On the one hand, I could certainly see some people creating profiles using email addresses of prominent people....on the other, I know quite a few people who use their work email addresses for just about everything.

They absolutely validated email addresses. I mean that's what I heard.
 
They absolutely validated email addresses. I mean that's what I heard.

I read two stories yesterday that said they didn't. On the whole, with 15,000 email addresses coming from .mil and .gov domains, it's certainly going to be loaded with government reps, but I'm not sure that each and every name on the list is confirmed to that person....to get that, we'd probably have to look to credit card data, which was also supposedly breached.
 
Josh Duggar had one

Former reality show star and anti-LGBT activist Josh Duggar had two paid accounts on the infidelity-based match-making website Ashley Madison, Gawker reported on Wednesday.

Data posted after the website was hacked shows accounts listed under the name “Joshua J. Duggar,” with one listing an address matching the home that was featured on the Learning Channel program 19 Kids and Counting. Another address, which was opened in July 2014, was listed under an address in Oxon Hill, Maryland.

The second account contains an extra $250 payment for the site’s “affair guarantee.” Collectively, the accounts attributed to Duggar were active from February 2013 to this past May, when Duggar resigned his position as a lobbyist for the Family Research Council after he confirmed that he molested two of his sisters when he was a teenager.

http://www.rawstory.com/2015/08/hac...-accounts-listed-in-josh-duggars-name-report/
 
Need to find this map

Someone has even created a custom Google Map that displays some of AshleyMadison.com users' addresses registered with the website.

 
Yeah, it didn't sound like email addresses were legit, but credit card information and charge information should be...hence finding out about Mr. Duggar.
 
There's some funny business going on with this supposed list of cheaters. I read a Wired article, which linked to reddit, where there is a map you can zoom in to different locations to see where paid accounts were, and my town of 2600 people (including children) had 596 paid accounts, supposedly. That's 20% of the town's population. I bet 20% of the town didn't even know AM existed.

I'm not posting the link, I don't quite trust it.
 
Former reality show star and anti-LGBT activist Josh Duggar had two paid accounts on the infidelity-based match-making website Ashley Madison, Gawker reported on Wednesday.

Data posted after the website was hacked shows accounts listed under the name “Joshua J. Duggar,” with one listing an address matching the home that was featured on the Learning Channel program 19 Kids and Counting. Another address, which was opened in July 2014, was listed under an address in Oxon Hill, Maryland.

The second account contains an extra $250 payment for the site’s “affair guarantee.” Collectively, the accounts attributed to Duggar were active from February 2013 to this past May, when Duggar resigned his position as a lobbyist for the Family Research Council after he confirmed that he molested two of his sisters when he was a teenager.

http://www.rawstory.com/2015/08/hac...-accounts-listed-in-josh-duggars-name-report/

Yay Family Values!!!!
:confused:
 
Doing InfoSec work and general research, I've played around on a lot of sites much less potentially embarrassing than Ashley Madison where I've created single-use burner emails under false names just to avoid crap sticking to my identity in Google searches. If you're an AM user, I'd imagine you'd want to triple-wrap in more ways than one.
 
Yay Family Values!!!!
:confused:
How many families of 21 only have 1 known pervert? I'm actually not going to pin this on the Duggars, assuming of course it is actually him. If it were 9 out of 21 (and to be fair, it may be), then yea, there's an issue there.
 
There's some funny business going on with this supposed list of cheaters. I read a Wired article, which linked to reddit, where there is a map you can zoom in to different locations to see where paid accounts were, and my town of 2600 people (including children) had 596 paid accounts, supposedly. That's 20% of the town's population. I bet 20% of the town didn't even know AM existed.

I'm not posting the link, I don't quite trust it.

I found a map that just shows percentages of male for certain areas. Are you looking at a different map? Post it up.
 