Ashley Madison keeps calm, carries on after hackers expose lives of millions of its users

ALM seemingly unconcerned about families of cheaters


Infidelity website Ashley Madison has pledged to continue operations after hackers leaked its customer database online.

The Impact Team, which claimed responsibility for the hack on Ashley Madison and sister site Established Men, have made good on their threat to publish compromising information on millions of people.

Around 9.7 GB of customer data were released on a dark web (.onion) site on Tuesday night. This information included sexual preferences, (stated) weight, addresses, GPS locations, card payment histories, phone numbers, dates of birth and more. More than 36 million names featured in the leak, which has already become available through BitTorrent.

More than 90 per cent of the accounts belong to men. AshleyMadison.com did not verify email signups to the site, as password security expert Per Thorsheim previously established, so we can't assume owners of the 36 million email addresses exposed by the leak all signed up to the extra-marital sex hookup site. Anyone whose email address did turn up will nonetheless have a lot of explaining to their partners in store.

The data appears legit, because examples of throw-away email addresses used only on the site have turned up on the dump, among other factors. The depth and breadth of the leak is, if anything, worse than feared when the original news of the breach broke last month.

Luke Brown, Vice President at Digital Guardian, commented: “If ALM [Avid Life Media] were trying to call The Impact Team’s bluff then it seems to have backfired pretty spectacularly. While the data has only been released on the dark web for now, it will inevitably find its way into more mainstream channels over time, resulting in very public naming and shaming for Ashley Madison’s members.

“Perhaps even more embarrassing for ALM and Ashley Madison is the disclosure of the fact that a significant proportion of users on the site are fake, bringing into question the credibility of the website as a whole,” he added.

In a statement supplied to El Reg, Avid Life Media decried the actions of criminal hackers, adding that it intends to continue with its controversial business.

The individual or individuals responsible for this attack claim to have released more of the stolen data. We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.

This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.

ALM added that it has hired independent forensic experts and other security professionals to “assist with determining the origin, nature, and scope of this attack.” Several police agencies – including the Royal Canadian Mounted Police, the Ontario Provincial Police, and the US Federal Bureau of Investigation – have launched investigations into the attack.

Dr Chenxi Wang, VP of cloud security & strategy at CipherCloud, criticized ALM for not drawing down the shutters on the site.

“Ashley Madison should have halted operations rather than betray the confidentiality of millions of customers,” she said. “The hackers rightly pointed out that parent company ALM failed to protect customers, the bottom line for doing business. 9.7 gigabytes is a lot of customer names, credit cards and intimate details about individuals.

“The real victim is not Ashley Madison, it is the customers and their families, who are forced to suffer humiliation and pain. They could have been spared if Ashley Madison had done the tough but right thing. But maybe we should not be surprised – trust is not the strong suit for a company that makes its money by encouraging people to lie and cheat,” she concluded. ®

Similar topics


Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021