Categories: Security

Ashley Madison Hackers Release Huge Data Cache

The hacker or hackers who published internal data stolen from adultery website Ashley Madison last month have released a much larger cache of data from the site, including details on users and executives and internal corporate documents, security researchers said.

“The database dump appears to be legitimate and contains usernames, passwords, credit card data, street addresses, full names, and much much more,” said TrustedSec researcher Dave Kennedy in a blog post. “So far, it looks like around 33 million usernames, first names, last names, street addresses, and more are impacted by this breach.”

Large cache

Kennedy and other researchers confirmed that the cache amounts to about 10 gigabytes (GB) of compressed data.

“For folks that may not know, that is massive,” Kennedy wrote.

The release comes 30 days after the original publication of data, as originally promised by the unknown hackers, who refer to themselves as Impact Team. The attackers said last month they would release the data unless Ashley Madison and a similar site called Established Men were shut down by parent company Avid Life Media (ALM).

“We have explained the fraud, deceit, and stupidity of ALM and their members,” Impact Team wrote in a statement accompanying the data, according to security researchers. “Now everyone gets to see their data.”

Data contained in the cache indicates the most recent information dates from 11 July, or 10 days before the initial release.

The hackers were acting out of a misguided sense of morality, seeking to “impose a personal notion of virtue on all of society”, ALM said in a statement.

“These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives,” the Toronto-based company stated.

ALM said the US’ FBI, the Royal Canadian Mounted Police and local police are investigating the breach. It did not confirm that the published data was genuine, but said it was aware of the claim.

The company has said it believes the hackers were formerly connected to the company.

Full access

TrustedSec said the hackers appeared to have maintained access to ALM’s internal data for a considerable length of time.

“This is a massive data breach where attackers had full and maintained access to a large percentage of Ashley Madison’s organisation undetected for a long period of time,” TrustedSec’s Kennedy wrote.

He said the cache includes hashes of corporate passwords, corporate PayPal accounts and passwords, and internal documents such as maps of server infrastructure and organisational charts.

“This is much more problematic as it’s not just a database dump, this is a full-scale compromise of the entire company’s infrastructure including Windows domain and more,” he wrote.

Military email addresses

More than 15,000 of the email addresses are hosted on US governmenet or military servers using the .gov and .mil top-level domains, other researchers said.

The documents detail 9.6 million transactions and include 36 million email addresses, according to researchers. Websites have surfaced allowing users to search the database for their own email address, according to reports.

Microsoft security expert Troy Hunt said more than 1 million of the email addresses were linked to payment records.

Errata Security and security journalist Brian Krebs both said unnamed individual users had confirmed the last four digits of their credit cards were found in the cache.

The data also includes personal information on users, including their sexual preferences, according to researchers.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

View Comments

  • Forget any adultery/ partner type issues, think of the potential security threats due to blackmail of people in positions of power or security. This ought to be viewed as a potential national security crime.

    If you don't think it is - Think of the compromises to national security when being gay was a criminal offence and/or socially unacceptable and the opportunities that present to the espionage community!

    Looks as though the culprits are known - so shouldn't be long before they are behind bars!

Recent Posts

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

11 hours ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

13 hours ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

14 hours ago

VW, Rivian Launch Joint Venture, As Investment Rises To $5.8 Billion

Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…

15 hours ago

AMD Axes 4 Percent Of Staff, Amid AI Chip Focus

Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…

18 hours ago

Tesla Recalls 2,431 Cybertrucks Over Propulsion Issue

Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…

19 hours ago