Hackers Make Good on Their Threat to Release Data from AshleyMadison.com; Sadly, Some Church People Are On the List

Red Woman's Lips
Red Woman’s Lips

HACKERS WHO STOLE sensitive customer information from the cheating site AshleyMadison.com appear to have made good on their threat to post the data online.

A data dump 9.7 gigabytes in size was posted on Tuesday to the dark web using an Onion address accessible only through the Tor browser. The files appear to include member account details and log-ins for the social networking site, touted as the premier site for married individuals seeking partners for affairs. Credit card and other payment transaction details are also part of the dump. AshleyMadison.com claimed to have nearly 40 million users at the time of the breach about a month ago, all apparently in the market for clandestine hookups.

“Ashley Madison is the most famous name in infidelity and married dating,” the site asserts on its homepage. “Have an Affair today on Ashley Madison. Thousands of cheating wives and cheating husbands signup everyday looking for an affair…. With Our affair guarantee package we guarantee you will find the perfect affair partner.”

The data released by the hackers includes names, addresses and phone numbers submitted by users of the site, though it’s unclear if members provided legitimate details. A sampling of the data indicates that users likely provided random numbers and addresses. One analysis of email addresses found in the data dump shows that some 15,000 are .mil. or .gov addresses.

The data also includes descriptions of what members were seeking. “I’m looking for someone who isn’t happy at home or just bored and looking for some excitement,” wrote one member who provided an address in Ottawa and the name and phone number of someone who works for the Customs and Immigration Union in Canada. “I love it when I’m called and told I have 15 minutes to get to someplace where I’ll be greeted at the door with a surprise—maybe lingerie, nakedness. I like to ravish and be ravished .. I like lots of foreplay and stamina, fun, discretion, oral, even willingness to experiment—*smile*”

Passwords released in the data dump appear to have been hashed using the bcrypt algorithm for PHP, but Robert Graham, CEO of Erratasec, says that despite this being one of the most secure ways to store passwords, “hackers are still likely to be able to ‘crack’ many of these hashes in order to discover the account holder’s original password.” If the accounts are still online, this means hackers will be able to grab any private correspondence associated with the account.

Click here to read more

Source: Wired.com | KIM ZETTER

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s