Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

7/20/2015
11:30 AM
100%
0%

Ashley Madison Exposed: Affair Hookup Site Hacked, Member Data Posted Online

Member data pilfered, posted in apparent hacktivist-style doxing attack.

Call it hacktivism with a spin: a controversial website for people seeking others who want to have an affair was hacked and personal details of its members leaked online.

The CEO of Ashley Madison, a controversial website that facilitates adulterous affairs and hookups, confirmed to Krebs On Security that it was hacked and possibly by or with the help of an insider who is not an employee.

The attacker or attackers claiming responsibility call themselves The Impact Team, and said in an online statement that it grabbed data on all of the 37 million users of Ashley Madison and its sister sites Couger Life and Established Men. All three sites are owned by Avid Life Media (ALM). 

The Impact Team reportedly dumped some 49 megabytes of information, including credit card information and internal ALM documents, with the promise of dumping all of the database if Ashley Madison's site isn't taken down.

The hackers said in their post with the stolen ALM information that the company's service offer for a "full delete" of user history and payment information is a farce, and that information is not "actually scrubbed," leaving real identities and addresses on the database, Krebs On Security reported. 

"So here’s the the lesson for anyone creating accounts on websites: always assume the presence of your account is discoverable. It doesn’t take a data breach, sites will frequently tell you either directly or implicitly. Moral judgement about the nature of these sites aside, members are entitled to their privacy. If you want a presence on sites that you don’t want anyone else knowing about, use an email alias not traceable back to yourself or an entirely different account altogether," says security expert and Microsoft MVP for developer security Troy Hunt in his personal security blog.

Read more about the Ashley Madison breach here

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
CharinaM316
50%
50%
CharinaM316,
User Rank: Apprentice
8/24/2015 | 10:02:51 AM
Re: Is this site legal?
I don't understand how anyone would think this site is illegal! It's married people hooking up with unmarried/married people. It's called an affair an although morally wrong, it is not illegal. What I don't understand is why the hackers are not being prosecuted also. They should be. I don't understand because they leaked credit card information. If I bought something through eBay, Amazon, or even paid my bills online & a hacker was caught exposing the info would they not be prosecuted? Everbody thinks that's exactly what these men/women deserve but no, they deserve for their spouse to get a fat chunk of everything in that impending divorce proceding. They don't need more bills added on because of the credit card leak. The cheated on spice needs to get as much as they can. I thought it was very funny that many of the guys expessing disgust are government officials where I live that I KNOW for a fact have cheated on their wives. I bartended @ a couple of well known adult entertainment clubs for years! Lol
JulienOrmidal
50%
50%
JulienOrmidal,
User Rank: Apprentice
7/30/2015 | 4:43:30 PM
Wont survive
Hi, actually I dont think this site will survive and I hope it will NOT actually..
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/22/2015 | 4:09:20 PM
Number of users will grow
 

If this site survive this disaster then I bet expect that number of users will sky rocket on this site.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/22/2015 | 4:07:24 PM
Re: It's is the Internet
That is what I was wondering, it is not ethical for sure, is it really legal? I wonder how they would not end up with problems with the governments with this site.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/22/2015 | 4:05:09 PM
Re: It's is the Internet
Agree, you do not expect privacy in the internet. Once it is there you can expect that it is disclosed to the world.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/22/2015 | 4:02:44 PM
Is this site legal?
I did not even know could be a legal site. How are they able to survive up top this point without any legal issue?
srreeee
50%
50%
srreeee,
User Rank: Apprentice
7/21/2015 | 11:03:05 AM
Re: It's is the Internet
well said
ODA155
50%
50%
ODA155,
User Rank: Ninja
7/21/2015 | 8:52:24 AM
Re: It's is the Internet
...and the exact same thing can be said for any large financial organization.
Thomas Claburn
100%
0%
Thomas Claburn,
User Rank: Ninja
7/20/2015 | 5:05:35 PM
Re: It's is the Internet
That a site supporting infidelity might prove less than trustworthy. Who'd have thought?
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
7/20/2015 | 12:38:07 PM
It's is the Internet
Let's just say if you don't want to potentially be exposed to the public or have something exposed to the public that you should not interact with the Internet for that particular instance. No matter how stringent the protocols of the site, in situations such as this privacy agreements and such don't mean anything.
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I told you we should worry abit more about vendor lock-in.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .