Categories: Security

Ashley Madison Hackers Release Huge Data Cache

The hacker or hackers who published internal data stolen from adultery website Ashley Madison last month have released a much larger cache of data from the site, including details on users and executives and internal corporate documents, security researchers said.

“The database dump appears to be legitimate and contains usernames, passwords, credit card data, street addresses, full names, and much much more,” said TrustedSec researcher Dave Kennedy in a blog post. “So far, it looks like around 33 million usernames, first names, last names, street addresses, and more are impacted by this breach.”

Large cache

Kennedy and other researchers confirmed that the cache amounts to about 10 gigabytes (GB) of compressed data.

“For folks that may not know, that is massive,” Kennedy wrote.

The release comes 30 days after the original publication of data, as originally promised by the unknown hackers, who refer to themselves as Impact Team. The attackers said last month they would release the data unless Ashley Madison and a similar site called Established Men were shut down by parent company Avid Life Media (ALM).

“We have explained the fraud, deceit, and stupidity of ALM and their members,” Impact Team wrote in a statement accompanying the data, according to security researchers. “Now everyone gets to see their data.”

Data contained in the cache indicates the most recent information dates from 11 July, or 10 days before the initial release.

The hackers were acting out of a misguided sense of morality, seeking to “impose a personal notion of virtue on all of society”, ALM said in a statement.

“These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives,” the Toronto-based company stated.

ALM said the US’ FBI, the Royal Canadian Mounted Police and local police are investigating the breach. It did not confirm that the published data was genuine, but said it was aware of the claim.

The company has said it believes the hackers were formerly connected to the company.

Full access

TrustedSec said the hackers appeared to have maintained access to ALM’s internal data for a considerable length of time.

“This is a massive data breach where attackers had full and maintained access to a large percentage of Ashley Madison’s organisation undetected for a long period of time,” TrustedSec’s Kennedy wrote.

He said the cache includes hashes of corporate passwords, corporate PayPal accounts and passwords, and internal documents such as maps of server infrastructure and organisational charts.

“This is much more problematic as it’s not just a database dump, this is a full-scale compromise of the entire company’s infrastructure including Windows domain and more,” he wrote.

Military email addresses

More than 15,000 of the email addresses are hosted on US governmenet or military servers using the .gov and .mil top-level domains, other researchers said.

The documents detail 9.6 million transactions and include 36 million email addresses, according to researchers. Websites have surfaced allowing users to search the database for their own email address, according to reports.

Microsoft security expert Troy Hunt said more than 1 million of the email addresses were linked to payment records.

Errata Security and security journalist Brian Krebs both said unnamed individual users had confirmed the last four digits of their credit cards were found in the cache.

The data also includes personal information on users, including their sexual preferences, according to researchers.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

View Comments

  • Forget any adultery/ partner type issues, think of the potential security threats due to blackmail of people in positions of power or security. This ought to be viewed as a potential national security crime.

    If you don't think it is - Think of the compromises to national security when being gay was a criminal offence and/or socially unacceptable and the opportunities that present to the espionage community!

    Looks as though the culprits are known - so shouldn't be long before they are behind bars!

Recent Posts

US Senate Criticises Amazon Over Warehouse Safety

Senate study finds Amazon did not implement protections recommended by internal studies over risk they…

9 mins ago

US Lawmaker Calls For Drone Detection Tech After Runway Closure

US senate majority leader calls for federal deployment of drone detection technology after drone sightings…

39 mins ago

TikTok Shop US Sales Surpass Shein, Sephora

After launching in September 2023, TikTok Shop rises to broad popularity with US sales surpassing…

1 hour ago

China Chip Investment Plummets Amidst US Restrictions

Investment in China's semiconductor industry falls by one-third this year as US tightens restrictions, state…

2 hours ago

Bitcoin Hits New High Over $107,000 On Trump Comments

Bitcoin surges more than 5 percent after Trump reaffirms plans for national strategic crypto reserve,…

2 hours ago

Ofcom Gives Tech Firms Three Months To Implement Content Controls

Ofcom publishes codes of practice for tech platforms to comply with Online Safety Act, with…

3 hours ago