The hackers who breached the adultery-oriented dating website Ashley Madison have released a third cache of data, fixing an issue that made the previous release partially illegible, as security researchers said they had uncovered a clue that may help uncover the hackers’ identity.
Separately, two Canadian law firms said they would launch a C$760m (£367m) class-action lawsuit against Ashley Madison parent company Avid Life Media (ALM) after the personal details of more than 30 million users were published online.
Only 93.22 percent of the torrent file used to distribute the latest cache was available, but researchers said they were nonetheless able to decode the compressed file containing the emails, which had been unreadable in the earlier release.
The file, which is about 30GB in size uncompressed, appears to contain emails dating from 2012 to 2015, TrustedSec said in an advisory. The archive contains about 200,000 emails with 6,800 senders and 3,600 recipients in all, TrustedSec said.
“This will be the extent of our analysis as we do not plan on reviewing any emails, or anything relating to the dump that is around an individuals personal account,” TrustedSec said.
Meanwhile, researchers observed that the BitTorrent server originally used to seed the file was left partly exposed to attackers, before being shut down a few hours after the file was uploaded.
Users on Twitter said they had accessed the server via a web-based administration interface that had no password.
Security researchers said the hackers appeared to have forgotten to password-protect the interface, indicating they may have made other mistakes that could lead to their identification.
The server was reportedly hosted by Ecatel, a privacy-oriented hosting provider that is registered in the UK but is headquartered in The Hague.
Ecatel accepts Bitcoin, making payments potentially difficult to trace, and says it protects the privacy of its clients as a “priority”.
“Freedom of speech on the internet is our motto,” the company states on its website. “We do not judge, we leave judgement to qualified people to do so.”
Charney Lawyers and Sutts, Strosberg LLP said they were bringing a class-action lawsuit against ALM for “all Canadians” affected by the breach.
“Numerous former users of AshleyMadison.com have approached the law firms to inquire about their privacy rights under Canadian law,” the two firms stated.
“They are outraged that AshleyMadison.com failed to protect its users’ information. In many cases, the users paid an additional fee for the website to remove all of their user data, only to discover that the information was left intact and exposed.”
Industry observers, as well as the hackers themselves, have pointed out that few of Ashley Madison’s users in fact carried out affairs, although they may have signed up for the site with the intent to do so.
Analyses of the leaked data indicate that about 84 percent of all the accounts on the site worldwide were male.
ALM assigns staff to create fictional female profiles, a practice disclosed in its terms and conditions, which state that the company “may create profiles that can interact with (users)”.
“You acknowledge and agree that some of the profiles posted on the Site that you may communicate with as a Guest may be fictitious,” the terms state.
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…