Data from hack of Ashley Madison cheater site dumped online

[StealthyBoi]

Download includes e-mail, member profiles, and credit card transactions.



Gigabytes worth of data taken during last month's hack of the Ashley Madison dating website for cheaters has been published online—an act that could be highly embarrassing for the men and women who have used the service over the years.

A 10-gigabyte file containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours. Ars downloaded the massive file and it appeared to contain a trove of details taken from a clandestine dating site, but so far there is nothing definitively linking it to Ashley Madison. User data included e-mail addresses, profile descriptions, addresses provided by users, weight, and height. A separate file containing credit card transaction data didn't include full payment card numbers or billing addresses.

Rob Graham, CEO of Errata Security, said the dump also included user passwords that were cryptographically protected using the bcrypt hashing algorithm. That's among the most secure ways to store passwords, because bcrypt is extremely slow, a trait that requires crackers to devote vast amounts of time and computing resources. Still, it's highly likely a large percentage of the hashes will be cracked, given rampant use of weak passwords. That will go a long way to preventing the cracking of even moderately weak passwords, although "1234567" "password" and the other mostly widely used passcodes will likely fall after some time.

Ashley Madison officials have stopped short of confirming the published information was extracted from the breach.

We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data," they wrote in an e-mail to Ars. "We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.

As the screenshot above indicates, the dump contains files with titles including "aminno_member_dump.gz," "aminno_member_email.dump.gz," "CreditCardTransactions7z," and "member_details.dump.gz," an indication that the download could contain highly personal details.

People have already taken to 8chan and other sites to discuss the contents of the data. Their posts unsurprisingly report that many of the names and other identifying information appear to be falsified. AshleyMadison.com claimed it had almost 40 million users at the time of last month's breach. It's

Assuming the download turns out to be authentic, people should remember that it was possible for anyone to create an account using the name and e-mail address of other individuals. That means an entry for a given individual doesn't automatically prove the person was behind it. Still, it would be harder for hoaxters to falsify credit card transactions and member profiles. As a result, the data could prove devastating if used by divorce attorneys, blackmailers, and others. This post will be updated as this story develops.

The full text of Ashley Madison's e-mail is:

Last month we were made aware of an attack to our systems. We immediately launched a full investigation utilizing independent forensic experts and other security professionals to assist with determining the origin, nature, and scope of this attack. Our investigation is still ongoing and we are simultaneously cooperating fully with law enforcement investigations, including by the Royal Canadian Mounted Police, the Ontario Provincial Police, the Toronto Police Services, and the U.S. Federal Bureau of Investigation.

We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data. We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.

This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.
Every week sees new hacks disclosed by companies large and small, and though this may now be a new societal reality, it should not lessen our outrage. These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives. Regardless, if it is your private pictures or your personal thoughts that have slipped into public distribution, no one has the right to pilfer and reveal that information to audiences in search of the lurid, the titillating, and the embarrassing.

We know that there are people out there who know one or more of these individuals, and we invite them to come forward. While we are confident that the authorities will identify and prosecute each of them to the fullest extent of the law, we also know there are individuals out there who can help to make this happen faster. Anyone with information that can lead to the identification, arrest, and conviction of these criminals, can contact [email protected].

Source

[StealthyBoi]

Yup this is hell alright. Some users even paid to delete their account (£15 GBP or $19 USD) and those were leaked out too :o

[StealthyBoi]

Just to confirm, the dumps from Ashley Madison cheater site?

[StealthyBoi]

You must be trolling me, did you look at the emails at the end of the list?

it contains ethics slurs of black people

[straycat19]

Look at all the emails on the Pastebin and pay particular attention to the names. This is not the actual list. Tested some of the business addresses and they come back as non deliverable and a search of the business sites for employees reveals there are no such names. Although I will admit that there was known to be a lot of bogus accounts on their site and they were even sued for putting up bogus female accounts to attract men. It was estimated that 90-95% of the actual users were men. Women who want an affair just need to go to a club or bar they don't need to share their data with the world. On the other hand men tend to be cheap and lazy so they sign up for something that they think won't cost them much in money or time.

[Ballistic Gelatin]

Heh, heh, all those poor cheatin' hearts! :blush:

Well, there's gonna be a whole lotta make-up sex goin' on the next few days.

(For the lucky ones who are forgiven, that is.).

[ugurano]

awesome

[info999]

how do you open the .dump files on Windows ?

[StealthyBoi]

how do you open the .dump files on Windows ?

If you want to know if you were part of the hack just visit: https://ashley.cynic.al/

Let me give a warning to everyone and you about the torrent before you download it. This contains stolen personal info of 30 million people and is considered felony in most developed country. You could possibly be jailed for life if Law enforcement officer or ISP finds out.

If you still want to download it, I suggest using a LiveCD, virtual machine, or a burner laptop with a trusted VPN and full drive encryption. Remember to not do this at your house and once your done wipe your data with DBAN or burn your laptop. DON'T talk to anyone else about what you do or relate to these. Opsec is must. This trove of data is so valuable, you may even lose your life over it. This isn't fear mongering so stay safe people.

[SnakeMasteR]

They will find other ways to bring AL down, the CEO bragged about how good privacy is, while employees said the opposite, now that's a joke if one of them did that, right? Arrogance works if there is substance behind, not a blatant imagination, even if it's not the best virtue someone can have. ;)

[StealthyBoi]

They will find other ways to bring AL down, the CEO bragged about how good privacy is, while employees said the opposite, now that's a joke if one of them did that, right? Arrogance works if there is substance behind, not a blatant imagination, even if it's not the best virtue someone can have. ;)

Also their manifesto states:

First, we expose that ALM management is bullshit and has made millions of dollars from complete 100% fraud. Example:

-Ashley Madison advertises "Full Delete" to "remove all traces of your usage for only $19.00"

-It specifically promises "Removal of site usage history and personally identifiable information from the site"

-Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie.

-Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.

-Other very embarrassing personal information also remains, including sexual fantasies and more

-We have all such records and are releasing them as Ashley Madison remains online.

Avid Life Media will be liable for fraud and extreme personal and professional harm from millions of their users unless Ashley Madison and Established Men are permanently placed offline immediately.

Full manifesto here

[info999]

how do you open the .dump files on Windows ?

If you want to know if you were part of the hack just visit: https://ashley.cynic.al/

Let me give a warning to everyone and you about the torrent before you download it. This contains stolen personal info of 30 million people and is considered felony in most developed country. You could possibly be jailed for life if Law enforcement officer or ISP finds out.

If you still want to download it, I suggest using a LiveCD, virtual machine, or a burner laptop with a trusted VPN and full drive encryption. Remember to not do this at your house and once your done wipe your data with DBAN or burn your laptop. DON'T talk to anyone else about what you do or relate to these. Opsec is must. This trove of data is so valuable, you may even lose your life over it. This isn't fear mongering so stay safe people.

Thanks, but I know I am doing, really ;)

[Holmes]

Ashley madison can go to hell I dont care if this happened GOOD. Cheaters are scum and if they go to this site to pay to cheat on there wife they dont deserve pity or mercy or remorse. There stolen information only if there fakes if its not stolen and those are the real addresses its fine cheating has its repercussions sorry paybacks a bitch..

[StealthyBoi]

how do you open the .dump files on Windows ?

Thanks, but I know I am doing, really ;)

No problem, I thought you wanted to query the dumps so I suggested the site in my previous response. Otherwise downloading that torrent poses a huge risk since it is from the deep web and worst if one does not even no what to do with the files.

[Sylence]

KAT deleted the Ashley Madison torrents, https://kat.cr/usearch/ashley%20madison%20dump/

Pirate Bay didn't delete the Ashley Madison torrents yet, I'm not posting the search results.

But my download hasn't stopped yet. the one in the pirate bay is exactly the same one. I'm not providing a link because my last post was deleted by a moderator. I think KAT was under a lot pressure for the removal of that.

[info999]

ok, I can confirm some of the emails in the dump ARE real and some ARE fake

but the thing is there is no easy way to verify them :think:

[ugurano]

everyone hack here, and here here

[StealthyBoi]

KAT deleted the Ashley Madison torrents, https://kat.cr/usearch/ashley%20madison%20dump/

Pirate Bay didn't delete the Ashley Madison torrents yet, I'm not posting the search results.

But my download hasn't stopped yet. the one in the pirate bay is exactly the same one. I'm not providing a link because my last post was deleted by a moderator. I think KAT was under a lot pressure for the removal of that.

That because they only host the torrent file. Obviously if you already have the torrent file or magnet link you can still download the dump since that how the bittorrent protocol is P2P.

ok, I can confirm some of the emails in the dump ARE real and some ARE fake

but the thing is there is no easy way to verify them :think:

Yup since AM doesn't actually verify emails. If you do find a way to verify them, please respond.