Hackers on Tuesday dumped personal data of about 37 million members of the Ashley Madison website onto the Dark Web. The data was stolen last month in an attack on the site, which aims to hook up people who want to cheat on their spouses.
Parent company “Avid Life Media has failed to take down Ashley Madison and Established Men,” the Impact Team wrote on Reddit. “We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.”
Any data not signed with a hash key listed in the post is fake, the Impact Team said.
Avid Life Media reportedly confirmed the data published is genuine.
It reportedly includes the names of people from the United Nations, the Vatican, 15,000 email addresses belonging to people in the United States government or military, bankers and civil servants.
“People are already harvesting and creating metrics on the data,” Lamar Bailey, director of security R&D at Tripwire, told the E-Commerce Times.
For example, sites are publishing which cities have the most cheaters.
Ashley Madison and Avid Life did not respond to our request to comment for this story.
The Dirtier Deed
The data reportedly was posted to the Dark Web using an Onion address accessible only through the Tor browser.
Account details and log-ins for Ashley Madison members, as well as credit card and other payment transaction details going back to 2007 have been exposed. So have victims’ names, street and email addresses, amounts they paid, and descriptions of what they were seeking.
Some of the information may be falsified or inaccurate. Someone reportedly used former British prime minister Tony Blair’s work email address to set up an account, for example.
The revelations may not immediately lead to a wave of divorce filings, but “there will be a huge amount of initial consultations,” and “marriage counselors will become quite busy,” predicted Jacqueline Newman, managing partner at Berkman Bottger Newman & Rodd.
Any victims who do get embroiled in divorce proceedings may take some measure of comfort in that being a member of Ashley Madison would not necessarily constitute proof of adultery, she told the E-Commerce Times.
“You may have someone who is just browsing,” Newman said. However, “I would not think that excuse would hold much weight with your spouse.”
The Crowd Reacts
Many people applauded the publication of the data.
“These aren’t people who simply courted the notion of infidelity,” wrote geoper in response to the Impact Team’s post on Reddit. “They are actively engaging in adultery.”
On the other hand, “It’s easy to accept this in this case because these are unsympathetic users, but what if it were a health insurance company, bank or telecom?” asked calibrated. “We should not be okay with users being dragged into an unrelated war. It’s immoral and unjust.”
Further, “If you have the skill to infiltrate a website and garner this kind of information, why would you not go after something more maniacal…?” wondered FML4000.
“It’s unlikely very many storybook endings [will] result from their attempt to impose their moral compass on Ashley Madison customers,” Jeff Hill, channel marketing manager at Stealthbits, told the E-Commerce Times.
“Many companies run background checks — Facebook, Twitter and Google searches — for applicants, Tripwire’s Bailey said. “If an applicant shows up as an Ashley Madison user, does that show something about their trustworthiness and morals?”
Avid Life previously claimed that it implemented strong security with the support of IT vendors worldwide. In that case, should any of those parties share blame for the breach?
Probably not, Protegrity CEO Suni Munshani told the E-Commerce Times. “Just as the IRS holds you responsible for mistakes made by your accountant, Avid Life is ultimately responsible for the security flaws that may or may not have been an IT vendor’s fault.”