August 20th 2015
People everywhere looking for love outside of their relationship could justifiably be looking over their shoulder following the alleged publication of the personal details of some 32 million users of AshleyMadison.com, the most famous name in infidelity and married dating (the site’s own description).
A 9.7 gigabyte data dump appears to have been posted on the dark web and various Torrent file-sharing services this week following the recent hack of the site’s data. It includes account details and logins, names, street addresses, email addresses, phone numbers and amounts paid – data accumulated over millions of transactions over the last seven years. Credit card numbers do not appear to have been compromised, but instead four digit numbers that may the last digits of the payment cards used, or simply a unique transaction ID. It is thought that in many cases, random addresses and phone numbers are submitted with user profiles on the site, but files with associated credit card transactions carry the authentic address.
Some of the records also carry in-depth descriptions – linked to individuals’ names – of the type of intimate things they are seeking in their illicit relationships.
The hack and subsequent publication seems to have been carried out by a group called Impact Team, positioning themselves as internet “warriors” acting in the name of morality. This is evident from a text file which preceded links to the posted files:
“Avid Life Media (the owners of Ashley Madison) has failed take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see the data.” It goes on to explain that many of the men who sign up on the site (90-95% of users) never actually had an affair, but questions if the distinction matters.
Online security expert Graham Cluley points out that the site never bothered to verify the email addresses given to it by its users. “So, I could have created an account at Ashley Madison with the address of [email protected], but it wouldn’t have meant that Obama was a user of the site. Journalists and commentators would be wise to remember that the credentials stored by Ashley Madison must be considered suspect because of their shonky practices, even before you start considering whether any leaked databases are falsified or not.”
