
7/20/2015
11:30 AM

Ashley Madison Exposed: Affair Hookup Site Hacked, Member Data Posted Online

Member data pilfered, posted in apparent hacktivist-style doxing attack.

Call it hacktivism with a spin: a controversial website for people seeking others who want to have an affair was hacked and personal details of its members leaked online.

The CEO of Ashley Madison, a controversial website that facilitates adulterous affairs and hookups, confirmed to Krebs On Security that the site was hacked, possibly by or with the help of an insider who is not an employee.

The attacker or attackers claiming responsibility call themselves The Impact Team, and said in an online statement that they grabbed data on all of the 37 million users of Ashley Madison and its sister sites Cougar Life and Established Men. All three sites are owned by Avid Life Media (ALM).

The Impact Team reportedly dumped some 49 megabytes of information, including credit card information and internal ALM documents, with the promise of dumping all of the database if Ashley Madison's site isn't taken down.

The hackers said in their post with the stolen ALM information that the company's service offer for a "full delete" of user history and payment information is a farce, and that information is not "actually scrubbed," leaving real identities and addresses on the database, Krebs On Security reported. 

"So here’s the lesson for anyone creating accounts on websites: always assume the presence of your account is discoverable. It doesn’t take a data breach, sites will frequently tell you either directly or implicitly. Moral judgement about the nature of these sites aside, members are entitled to their privacy. If you want a presence on sites that you don’t want anyone else knowing about, use an email alias not traceable back to yourself or an entirely different account altogether," says security expert and Microsoft MVP for developer security Troy Hunt in his personal security blog.


Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Comments
CharinaM316,
User Rank: Apprentice
8/24/2015 | 10:02:51 AM
Re: Is this site legal?
I don't understand how anyone would think this site is illegal! It's married people hooking up with unmarried/married people. It's called an affair and although morally wrong, it is not illegal. What I don't understand is why the hackers are not being prosecuted also. They should be. I don't understand because they leaked credit card information. If I bought something through eBay, Amazon, or even paid my bills online & a hacker was caught exposing the info would they not be prosecuted? Everybody thinks that's exactly what these men/women deserve but no, they deserve for their spouse to get a fat chunk of everything in that impending divorce proceeding. They don't need more bills added on because of the credit card leak. The cheated on spouse needs to get as much as they can. I thought it was very funny that many of the guys expressing disgust are government officials where I live that I KNOW for a fact have cheated on their wives. I bartended @ a couple of well known adult entertainment clubs for years! Lol
JulienOrmidal,
User Rank: Apprentice
7/30/2015 | 4:43:30 PM
Won't survive
Hi, actually I don't think this site will survive and I hope it will NOT actually..
Dr.T,
User Rank: Ninja
7/22/2015 | 4:09:20 PM
Number of users will grow
 

If this site survives this disaster then I bet that the number of users will skyrocket on this site.
Dr.T,
User Rank: Ninja
7/22/2015 | 4:07:24 PM
Re: It's is the Internet
That is what I was wondering, it is not ethical for sure, is it really legal? I wonder how they would not end up with problems with the governments with this site.
Dr.T,
User Rank: Ninja
7/22/2015 | 4:05:09 PM
Re: It's is the Internet
Agree, you do not expect privacy on the internet. Once it is there you can expect that it is disclosed to the world.
Dr.T,
User Rank: Ninja
7/22/2015 | 4:02:44 PM
Is this site legal?
I did not even know this could be a legal site. How are they able to survive up to this point without any legal issue?
srreeee,
User Rank: Apprentice
7/21/2015 | 11:03:05 AM
Re: It's is the Internet
well said
ODA155,
User Rank: Ninja
7/21/2015 | 8:52:24 AM
Re: It's is the Internet
...and the exact same thing can be said for any large financial organization.
Thomas Claburn,
User Rank: Ninja
7/20/2015 | 5:05:35 PM
Re: It's is the Internet
That a site supporting infidelity might prove less than trustworthy. Who'd have thought?
RyanSepe,
User Rank: Ninja
7/20/2015 | 12:38:07 PM
It's is the Internet
Let's just say if you don't want to potentially be exposed to the public or have something exposed to the public that you should not interact with the Internet for that particular instance. No matter how stringent the protocols of the site, in situations such as this privacy agreements and such don't mean anything.