Impact Team, the Ashley Madison hackers leak 10 gigs of stolen data on the Dark Web
We had already reported that the Ashley Madison hack attack was a sitting time bomb for its 37 million users and today the hackers did just that. The Impact Team who hacked into the online adultery website has finally leaked the stolen data..
The Impact Team released a massive dump of data which is just short of 10 gigabytes. The stolen data was leaked on the Dark Web on Tuesday night (information about the leaked files are given below). The leaked data includes sensitive Ashley Madison customer information, such as payment transaction and credit card details, emails, names, addresses, phone numbers and member profiles.
Although the leaked data did not include full credit card details and billing information, the hack is still a major embarrassment to Avid Life Media Inc., which owns the site, and some 38 million of its users whose private data was exposed.
Impact Team which made the leak has given a brief introduction, perhaps to justify the leak.
We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data … Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters. …
Too bad for those men, they’re cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn’t deliver.…
Here is a screenshot of the entire statement :
For the uninitiated, hackers who call them Impact Team hacked the online adultery and cheating website Ashley Madison with 37 million members on 19th July 2015. The hackers said that they had hacked the website on moral grounds as they wanted the Ashley Madison owner, Avid Life Media to take the website offline.
The leaked dump contains files with titles including “aminno_member_dump.gz,” “aminno_member_email.dump.gz,” “CreditCardTransactions7z,” and “member_details.dump.gz,” an indication that the download could contain highly personal details (complete leaked file breakup given below.)
Online security analysts and social media users scanning through the leaked database have, for example, already noticed an email address which appears to belong to former UK PM Tony Blair, but since the affair website does not require email address verification some noted that anyone could have used it to set up a fake account.
awkward? pic.twitter.com/xxrWgMOhpB
— zerohedge (@zerohedge) August 18, 2015
As soon as the leaks were made public, security firms and cybersecurity analysts are scrambling to determine whether the leaked data is legit. As always there are two sides, Per Thorsheim, a security analyst confirms that the data is legit.
Confirmed: CC transactions in AM breach are real; just verified CC data used for paid membership.@MiltonSecurity @DavidGoldmanCNN
— Per Thorsheim (@thorsheim) August 18, 2015
@zackwhittaker @JackSmithIV there are multiple data point that would be very hard to fake. @thorsheim have been reviewing and agree.
— Troy Hunt (@troyhunt) August 19, 2015
The Ashley Madison Leaked content
The leak contains the following files :
Those compressed files weight ~ 10GB (and about 35GB uncompressed).
README
The readme file contains the following text:
Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.
Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.
Any data not signed with key 6E50 3F39 BA6A EAAD D81D ECFF 2437 3CD5 74AB AA38 is fake.
74ABAA38.txt
This file contains the GPG public key that can be used to check that all the files were created by the author and *not* modified by some third party. They all seem legit in this case.
CreditCardTransactions.7z
This archive contains *all* the credit card transactions from the past 7 years ! (The first csv file dates back to March 2008). All those csv files contains the names, street address, amount paid and email address of everyone who paid something on AshleyMadison. Those ~2600 files represent more than 9.600.000 transactions !
am_am.dump
Here comes the interesting part. This file contains 32 million user data: first/last names, street address, phone numbers, relationship status, what they are looking for, if they drink, smoke, their security question, date of birth, nickname, etc…
ashleymadisondump.7z
This archive mostly contains administrative documents about AM internals some of them were published a few days after the breach was announced.
aminno_member.dump
This dump also contains some personal data.
aminno_member_email.dump
About 36 million email addresses.
member_details.dump
Physical description: eyes color, weight, height, hair color, body type, “ethnicity”, caption…
member_login.dump
This database dump contains more than 30 million usernames + hashed passwords.
The Royal Canadian Mounted Police and Ontario Provincial Police along with the FBI are investigating the hack, the company said, admitting the bureau’s involvement for the first time.
Some websites are reporting that the hackers may have released all the data they have stolen from Ashley Madison. However, we are the opinion that the intimate images shared by the cheating couples are still in their hands. The above leaked information may harm the Ashley Madison members financially but the #Fappening pictures, which we presume are still in the custody of Impact Team, may cause them personal and domestic harm.
If you want to know if you have been compromised by the Ashley Madison breach, Troy Hunt has offered to notify you. However it will only be accessible to those who subscribed to (free) notifications, visit here.
#Update : This thread made by the Impact Team on Reddit seems to contain links to the leaked data however the links appear dead as of now.
