The data from cheating portal AshleyMadison.com contains, after cleaning it up, 55’839 Swiss e-mail addresses, 19 of which are directly associated with the Swiss government, ending in admin.ch. But the leak contains so much more. Time to analyse the data.

Before I go and mention numbers, I have something important to write down: The analysis of the data did not happen for the purposes of public shaming. The privacy of Ashley Madison users has been intact at every turn of the investigation. Data that was transmitted to media did not contain names or other unique identifiers. Neither scip AG nor any of its employees has or will name names or release any data – be it address, payment details or sexual preferences – that could lead to identification of Ashley Madison clients. Privacy is a core value of scip AG and is thus something we take seriously. Therefore, the analysis has been kept superficial and was done without involving any personal data.

The goal of the analysis was to find out how much damage the Impact Team’s leak can do. Can third parties make credit card purchases with the leaked data? Which authentication and verification mechanism are used by Ashley Madison? What user data did Avid Life Media (ALM), parent company of Ashley Madison, collect? These are the questions that drove our research and led to this article. It was not the question whether or not an acquaintance or a public figure was or is a client.

E-Mail-Adresses Ending in .ch

The Swiss users of Ashley Madison number – after removing duplicates and addresses spelled in upper and lower caps – 55’839, if we go by e-mail addresses ending in .ch. This data was collected in order to find out which companies or private persons owning mail servers have been affected.

Credit Card Data

The most exact way of determining the origins of ALM’s clients is most likely the analysis of credit card data. Anyone can sign up to an ALM service using any mail address, but credit cards are hard to steal. We’ve used this data to extrapolate where in Switzerland ALM’s clients come from.

These numbers allow for the following conclusions:

• There’s no canton without Ashley Madison clients
• Looking at numbers, the canton of Zürich has the most paying members: 555 (0.038% of all people living in the canton of Zürich)
• The fewest members are from the canton of Appenzell Innerrhoden: 2 (0.012% of all people living in the canton)
• The highest percentage of members can be found in the canton of Zug: 0.046% which makes 55 persons
• Two credit card charges could not be associated with location data

Money

Credit card data would not be complete without a look at how much people spent.

• The Swiss people who had financial interactions with ALM spent a grand total of 661’537.73 USD, which adds up to 31’275.69 CHF
• They made 6738 transactions
• That’s 3.2 transactions per client
• The average amount of a transaction is 98.18 USD, which is 93.69 CHF
• A paying client has paid an average of 321.13 USD or 306.44 CHF to Ashley Madison

About the Author

Dominik Bärlocher has been working with IT subjects since 2006. The journalist relied on his affinity for all things IT during his tenures at news papers and benefited from it. At scip, he conducts OSINT researches and is an expert at information gathering.

Links

• http://protonmail.ch
• http://swissonline.ch
• http://www.ashleymadison.com
• http://www.bluemail.ch
• http://www.bluewin.ch
• http://www.freesurf.ch
• http://www.gmx.ch
• http://www.hispeed.ch
• http://www.hotmail.ch
• http://www.sunrise.ch