Statistical Analysis of the Ashley Madison Hack

Statistical Analysis of the Ashley Madison Hack

Dominik Bärlocher
by Dominik Bärlocher
time to read: 8 minutes

The data from cheating portal AshleyMadison.com contains, after cleaning it up, 55’839 Swiss e-mail addresses, 19 of which are directly associated with the Swiss government, ending in admin.ch. But the leak contains so much more. Time to analyse the data.

Before I go and mention numbers, I have something important to write down: The analysis of the data did not happen for the purposes of public shaming. The privacy of Ashley Madison users has been intact at every turn of the investigation. Data that was transmitted to media did not contain names or other unique identifiers. Neither scip AG nor any of its employees has or will name names or release any data – be it address, payment details or sexual preferences – that could lead to identification of Ashley Madison clients. Privacy is a core value of scip AG and is thus something we take seriously. Therefore, the analysis has been kept superficial and was done without involving any personal data.

The goal of the analysis was to find out how much damage the Impact Team’s leak can do. Can third parties make credit card purchases with the leaked data? Which authentication and verification mechanism are used by Ashley Madison? What user data did Avid Life Media (ALM), parent company of Ashley Madison, collect? These are the questions that drove our research and led to this article. It was not the question whether or not an acquaintance or a public figure was or is a client.

E-Mail-Adresses Ending in .ch

The Swiss users of Ashley Madison number – after removing duplicates and addresses spelled in upper and lower caps – 55’839, if we go by e-mail addresses ending in .ch. This data was collected in order to find out which companies or private persons owning mail servers have been affected.

Mail provider

Provider Number of Addresses
bluewin.ch 13’473
hotmail.ch 5’537
bluemail.ch 1’181
gmx.ch 22’970
freesurf.ch 65
hispeed.ch 1’565
sunrise.ch 1’136
protonmail.ch 128
swissonline.ch 376
Other 8’938

Credit Card Data

The most exact way of determining the origins of ALM’s clients is most likely the analysis of credit card data. Anyone can sign up to an ALM service using any mail address, but credit cards are hard to steal. We’ve used this data to extrapolate where in Switzerland ALM’s clients come from.

Clients per Canton

Canton Percent
ZH 26.84%
VD 9.67%
BE 9.62%
AG 8.41%
GE 8.37%
SG 6.38%
LU 3.97%
SZ 3.05%
TI 2.80%
ZG 2.66%
FR 2.51%
BS 2.32%
TG 2.27%
SO 2.18%
BL 1.89%
VS 1.74%
SH 0.97%
GR 0.87%
NE 0.77%
AR 0.63%
NW 0.53%
OW 0.39%
GL 0.39%
JU 0.34%
UR 0.24%
AI 0.10%
Unknown 0.10%

These numbers allow for the following conclusions:

Money

Credit card data would not be complete without a look at how much people spent.

Transactions per year

Average amount spent per booking

About the Author

Dominik Bärlocher

Dominik Bärlocher has been working with IT subjects since 2006. The journalist relied on his affinity for all things IT during his tenures at news papers and benefited from it. At scip, he conducts OSINT researches and is an expert at information gathering.

Links

Is your data also traded on the dark net?

We are going to monitor the digital underground for you!

×
I want a "Red Teaming"

I want a "Red Teaming"

Michael Schneider

Human and AI

Human and AI

Marisa Tschopp

Vehicle forensics

Vehicle forensics

Michèle Trebo

Isn’t business continuity part of security?

Isn’t business continuity part of security?

Andrea Covello

You want more?

Further articles available here

You need support in such a project?

Our experts will get in contact with you!

You want more?

Further articles available here