After the matchmaking website ashleymadison.com, which encourages users to have affairs, was hacked last month, it was only a matter of time before details were published online. Last week, making good on their promise to leak members email, bank details, and sexual preferences, the hackers who call themselves the ‘Impact Team’, uploaded gigabytes of data onto the web.
The Hack
The original hack was announced on July 15th 2015. The hackers threatened to release details of the sites 39 million users, from 53 countries, if the site did not close itself down with immediate effect. While the owners of Ashley Madison made attempts to reassure customers, especially those that had paid an additional $20 in order to have their data ‘securely deleted’, the hackers described ashleymadison.com as an ‘open fortress’ which had no security at all. On August 18th 10 gigabytes of data were uploaded in a file called, “Time’s Up!” and posted on BitTorrent and the dark web. The motive for the hack appears to be moral rather than financial and, somewhat surprisingly, what seems to have angered the hackers into action isn’t the infidelity of users but rather the fact that the site was making people pay to have data deleted which was not deleted.
The Fallout
While it may not be technically easy for the average person to download and sift through such a large amount of data, it is already being made available on the web in the form of searchable databases and as expected, some interesting results are being found. Along with 10,000 email addresses associated with the US Military, where having an affair is illegal, there are also some 5,000 emails linked to various branches of the US government. Along side the vast cache of email addresses are also user passwords. Analysis shows that most common password was ‘123456’ and ‘password’. A reminder, if we ever needed one, that choosing a strong multi-character passwords matter. There has been some speculation about the validity of the data, as ashleymadison,com did not require users to verify their accounts, leaving open the possibility that some people were signed up maliciously by others.
In its most recent statement, the company said: “We immediately launched a full investigation utilising independent forensic experts and other security professionals to assist with determining the origin, nature, and scope of this attack. Our investigation is still ongoing and we are simultaneously cooperating fully with law enforcement investigations.”
Bryce Evans of the Toronto police, addressing the hackers, said: “I want to make it very clear to you your actions are illegal and we will not be tolerating them. This is your wake-up call.”
The fallout among users of the site is slowly becoming clear with unconfirmed reports of partners discovering affairs and even two reported suicides in response to the leak. Whatever the long term out come for the individuals involved, the ashleymadison.com leak is likely to have a big impact on how companies deal with customers information and the trust users place in websites to secure and delete highly private information in the future.
Here at EasyHide VPN we help ensure a high level of security for you online. Our services start from just a few pounds a month.