The hacker or hackers behind the breach of adultery-oriented dating site Ashley Madison have released a second cache of data twice the size of the first, as it emerged that thousands of US government workers in sensitive security-related positions may have accessed the site from government networks.
The latest leak is roughly 19 GB in size, or about twice the 9.7 GB of Wednesday’s cache, according to security researchers, who said it appears to be genuine.
“It does appear to be legitimate like the other dump,” said researchers at TrustedSec in a blog post late on Thursday.
The new release seems to have been prompted by statements from Ashley Madison’s Toronto-based parent company, Avid Life Media (ALM), which stopped short of confirming that the leaked data was authentic.
It includes the message: “Hey Noel, you can admit it’s real now,” in reference to ALM chief executive Noel Biderman, and contains a compressed file that, from its filename, appears to contain Biderman’s emails. However, researchers said this file cannot be opened, and may either be fake or corrupted.
Other files in the cache include the source code for all of ALM’s websites and mobile applications, as well as plain-text or poorly hashed credentials, which could leave ALM exposed to further attacks, researchers said.
“Having full source code to these websites means that other hacker groups now have the ability to find new flaws in Avid Life’s websites, and further compromise them,” TrustedSec wrote.
Meanwhile, the US Department of Defence confirmed it is investigating the use of thousands of email addresses using the .mil top-level domain in accounts revealed in the leak of Ashley Madison user data earlier this week, as a review of the data indicated that many government employees may have accessed the site from their workplaces.
US defence secretary Ash Carter told a briefing on Thursday the military was aware that more than 15,000 .mil email addresses were linked to the exposed accounts.
“I’m aware of it, of course it’s an issue, because conduct is very important,” he said. Adultery can be a prosecutable offence in the US military.
Wednesday’s leak also reportedly included personal details of British civil servants and Ministry of Defence staff, although the veracity of these details hasn’t been confirmed.
Security experts have warned that much of the data released by the attackers calling themselves “Impact Team” is likely to be fake, due to lax controls implemented by the site, such as the non-enforcement of email verification, meaning a user could create an account with someone else’s email address. They have pointed out that Ashley Madison also offers standard dating services.
However, the site markets itself as a service for facilitating extramarital affairs, and many of the users whose data was released online have admitted that that was their purpose in accessing it, according to reports.
Separately, a review of the data leaked on Wednesday found that hundreds of government employees appear to have accessed the service from their workplaces, based on logs of Internet Protocol addresses dating back over the past five years.
The Associated Press said it reviewed the IP address logs and used credit card details that had been stored by ALM to identify hundreds of US government employees, many in sensitive positions in the White House, Congress and law enforcement agencies, and contacted some of those involved to confirm their identities.
Those involved include two assistant U.S. attorneys, an IT administrator in the President’s office, several people in high-ranking Justice Department positions, and several Department of Homeland Security employees, AP said.
An unnamed Justice Department investigator contacted by AP acknowledged he had used the site for “things I shouldn’t have been doing” and said he would reveal his actions to his family and employer if needed to prevent blackmail.
The AP said it is the first to identify federal employees in the Ashley Madison data cache by analysing the leaked IP address logs.
ALM declined to comment apart from a previous statement calling the hack criminal.
View Comments
About time action was taken against those 'Analysing' or even looking at the data - this is data from the proceeds of a serious crime.
As for the situation where 'Adultery can be a prosecutable offence in the US military', it's probably even more of a security threat to the military than the hounding of gay people from a blackmail security aspect.