The Ashley Madison hackers have released the site's user data, as threatened. Or, at least, that's what they say they've done.
There are strong indications that the data is real -- or at least, that it's come from the site. However, it's likely that much of the data is forged or bogus in some way, so don't believe all that you read.
"Life is short. Have an affair." -- that was Ashley Madison's strapline. Worryingly, for some spouses whose names appear in the dump, life might indeed be short.
In IT Blogwatch, bloggers tread carefully. Not to mention: Adolf zuendet buecher an, Enrico macht auch mit...
Your humble blogwatcher curated these bloggy bits for your education.
[Developing story: Updated at 8:02 am and 1:04 pm PDT with more comment]
It zeems Kim Zetter got the tipoff:
9.7 gigabytes...was posted on Tuesday to the dark web. ... The files appear to include account details and log-ins for some 32 million users. ... Seven years worth of credit card and other payment transaction details are also part of the dump...millions of payment transactions, includes names, street address, email address and amount paid, but not credit card numbers.
Last month, the hackers, who called themselves the Impact Team, demanded that Avid Life Media, owner of AshleyMadison.com and...Established Men, take down the two sites. ... Despite promising customers to delete their user data from the site for a $19 fee, the company actually retained the data...the hackers claimed. “Too bad for those men, they...deserve no such discretion,” the hackers wrote. “Too bad for ALM, you promised secrecy but didn’t deliver.”
It’s important to note that Ashley Madison’s sign-up process does not require verification of an email address...so legitimate addresses might have been hijacked. ... One email in the data dump, for example, appears to belong to former UK Prime Minister (Tony Blair).
Is it real? Brian Krebs says so, giving three reasons:
I’ve now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database. ... It’s been almost exactly 30 days since the original hack. ... All of the accounts created at Bugmenot.com for Ashleymadison.com prior to the original breach appear.
I’m sure there are millions of AshleyMadison users who wish it weren’t so, but there is every indication this dump is the real deal.
My first report on this breach quoted...CEO Noel Biderman saying the company suspected the culprit was likely someone who [had] had legitimate access to the company’s internal networks. I’d already come to the same conclusion...and I still believe that’s the case. [He said] investigation is still ongoing and that the company is simultaneously cooperating fully with law enforcement.
Readers should understand...that just finding someone’s name, email address and other data...doesn’t mean that person was a real user [because] AshleyMadison never bothered to verify the [data].
The company statement is rather equivocal:
We are actively monitoring and investigating this situation to determine the validity of any information posted. ... We will continue to put forth substantial efforts into removing any information unlawfully released.
This event is not an act of hacktivism, it is an act of criminality. ... The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner. ... These are illegitimate acts that have real consequences for innocent citizens. ... No one has the right to pilfer and reveal that information to audiences in search of the lurid, the titillating, and the embarrassing. ... Anyone with information [on] these criminals, can contact email@example.com.
Graham Cluley recounts what happened after the initial announcement last month:
Well, Ashley Madison didn't shut down. ... Maybe some members tried to delete their accounts in panic (although that was rather like closing the door after the horse had bolted).
Chances are that many people who are members of the Ashley Madison website will feel uncomfortable with their boss, friends, partner or mother-in-law knowing about it. ... It's easy to imagine that some people might be vulnerable to blackmail. ... There could be genuine casualties as a result. And yes, I mean suicide.
Journalists and commentators would be wise to remember that the [data] must be considered suspect because of [Avid's] shonky practices.
He means commentators such as Jon Stephens, perhaps?
People's sex lives are their own business, married or not. But I find it difficult to drum up any sympathy for marrieds who are foolish enough to go looking for something on the side via a big flashy commercial website.
Internet privacy was over at least a decade ago.
But Bruce Ide marches in with this: [You're fired -Ed.]
I just felt a strange disturbance in The Force, as if a million divorce lawyers suddenly yelled out "CHA-CHING!" and then... yelled out "CHA-CHING!" again.
Meanwhile, Christopher Hacking goes off on this philosophical, epidemiological, historical tangent:
Humans aren't really wired very well for monogamy. ... Most of the way we view the topic is due to societal expectation. Throughout history...various forms of consensual non-monogamy have been practiced...even in "modern" culture. If you think you can truly be your partner's everything, the only one they'll ever need to provide everything they desire, then (statistically speaking) you're delusional.
Cheating may feel inhumane, but it is very, very human.
Update 1: Steve Ragan is vexed by vulns:
The reason for the attack, the group said, is because the company "profits on the pain of others."
The leaked files include databases complete with account information, profile data, PII, and financial data. ... Among those records are 15,019 accounts using either a .mil or .gov email address. Other records indicate that the user created their ALM profile with a work related email address.
[It's] a blackmail archive that could land scores of people in hot water. [But] clearly there are plenty of false records, including those from the White House. ... However, the records with full account details, including profiles matched to personal and financial records, are going to be harder to dispute.
Update 2: Mario Aguilar thinks it's just the beginning:
This breach has a disturbing quality distinct from many previous hacks. [In the] Target [and] Office of Personnel Management...cases people’s lives and livelihoods were compromised in temporary and fixable ways.
Last year’s Sony hack, in which a huge trove of company emails was unceremoniously dumped upon the world, starts to approximate the kind of damage we’re looking at today...the collateral damage was borderline tragic.
[But] having your name released as an Ashley Madison user could destroy your life. ... I can’t imagine the desperation these people feel. ... The implications of this mass revelation should horrify everyone, regardless of how you feel about Ashley Madison.
As we increasingly entrust more and more of our private selves to inherently fallible digital service providers...you’d better get used to it. Today’s Ashley Madison is your public humiliation of tomorrow.
Adolf zuendet buecher an, Enrico macht auch mit
You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or firstname.lastname@example.org. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.