A First Analysis of the AshleyMadison.com Leak

A First Analysis of the AshleyMadison.com Leak

Dominik Bärlocher
by Dominik Bärlocher
time to read: 4 minutes

Hackers calling themselves the Impact Team have released about 9.6Gb of data containing what they claim to be all of the business data of cheating website AshleyMadison.com. The hackers have gained access to the files in July 2015 and tried to blackmail AshleyMadison’s parent company Avid Life Media (ALM). The Impact Team wanted ALM to cease all operations on AshleyMadison.com and its sister sites immediately and permanently. Should ALM not comply, the data would be made public. ALM did not comply.

Ashley Madison

What Data was Published?

Impact Team’s leak contains, among other data, the following:

The data is unsorted and contained in SQL export files. They contain many duplicates. There are 30,612,512 unique e-mail addresses, 56,323 of which end in .ch.

Can the Data be Viewed?

Theoretically, yes. It is possible you can look at the data, but it is unlikely. The data is stored in cleartext, but the file with the e-mail addresses – arguably one of the smaller files – is 1.7GB in size. Every normal text editor is not made to handle files this size. The files need to be split before they can be read.

Who Was Cheated on?

Even if you’re able to read the data and see all the e-mail addresses without your computer crashing, it doesn’t mean that your partner cheated on you. Security researcher Per Thorsheim has told techblog Techcrunch that AshleyMadison does not verify mail addresses.

This makes it easy for people to create accounts using a fake e-mail address or a mail address that does not belong to them. Also, there are many clearly fake mail addresses such as aaa@bbb.com as well as obvious nicknames.

How Secure is Credit Card Data?

The files leaked by Impact Team contain 2643 files that contain transaction data from credit cards. They’re sorted by day and time of transaction. In these files, ALM has collected the following data:

If your name shows up in one of these files, then it’s highly likely that you were doing business with ALM. With the data ALM has collected, it is not possible to make a purchase using your credit card.

About the Author

Dominik Bärlocher

Dominik Bärlocher has been working with IT subjects since 2006. The journalist relied on his affinity for all things IT during his tenures at news papers and benefited from it. At scip, he conducts OSINT researches and is an expert at information gathering.

Links

Is your data also traded on the dark net?

We are going to monitor the digital underground for you!

×
Active Directory certificate services

Active Directory certificate services

Eric Maurer

Specific Criticism of CVSS4

Specific Criticism of CVSS4

Marc Ruef

The new NIST Cybersecurity Framework

The new NIST Cybersecurity Framework

Tomaso Vasella

Ways of attacking Generative AI

Ways of attacking Generative AI

Andrea Hauser

You want more?

Further articles available here

You need support in such a project?

Our experts will get in contact with you!

You want more?

Further articles available here