Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

7/20/2015
11:30 AM
100%
0%

Ashley Madison Exposed: Affair Hookup Site Hacked, Member Data Posted Online

Member data pilfered, posted in apparent hacktivist-style doxing attack.

Call it hacktivism with a spin: a controversial website for people seeking others who want to have an affair was hacked and personal details of its members leaked online.

The CEO of Ashley Madison, a controversial website that facilitates adulterous affairs and hookups, confirmed to Krebs On Security that it was hacked and possibly by or with the help of an insider who is not an employee.

The attacker or attackers claiming responsibility call themselves The Impact Team, and said in an online statement that it grabbed data on all of the 37 million users of Ashley Madison and its sister sites Couger Life and Established Men. All three sites are owned by Avid Life Media (ALM). 

The Impact Team reportedly dumped some 49 megabytes of information, including credit card information and internal ALM documents, with the promise of dumping all of the database if Ashley Madison's site isn't taken down.

The hackers said in their post with the stolen ALM information that the company's service offer for a "full delete" of user history and payment information is a farce, and that information is not "actually scrubbed," leaving real identities and addresses on the database, Krebs On Security reported. 

"So here’s the the lesson for anyone creating accounts on websites: always assume the presence of your account is discoverable. It doesn’t take a data breach, sites will frequently tell you either directly or implicitly. Moral judgement about the nature of these sites aside, members are entitled to their privacy. If you want a presence on sites that you don’t want anyone else knowing about, use an email alias not traceable back to yourself or an entirely different account altogether," says security expert and Microsoft MVP for developer security Troy Hunt in his personal security blog.

Read more about the Ashley Madison breach here

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
CharinaM316
50%
50%
CharinaM316,
User Rank: Apprentice
8/24/2015 | 10:02:51 AM
Re: Is this site legal?
I don't understand how anyone would think this site is illegal! It's married people hooking up with unmarried/married people. It's called an affair an although morally wrong, it is not illegal. What I don't understand is why the hackers are not being prosecuted also. They should be. I don't understand because they leaked credit card information. If I bought something through eBay, Amazon, or even paid my bills online & a hacker was caught exposing the info would they not be prosecuted? Everbody thinks that's exactly what these men/women deserve but no, they deserve for their spouse to get a fat chunk of everything in that impending divorce proceding. They don't need more bills added on because of the credit card leak. The cheated on spice needs to get as much as they can. I thought it was very funny that many of the guys expessing disgust are government officials where I live that I KNOW for a fact have cheated on their wives. I bartended @ a couple of well known adult entertainment clubs for years! Lol
JulienOrmidal
50%
50%
JulienOrmidal,
User Rank: Apprentice
7/30/2015 | 4:43:30 PM
Wont survive
Hi, actually I dont think this site will survive and I hope it will NOT actually..
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/22/2015 | 4:09:20 PM
Number of users will grow
 

If this site survive this disaster then I bet expect that number of users will sky rocket on this site.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/22/2015 | 4:07:24 PM
Re: It's is the Internet
That is what I was wondering, it is not ethical for sure, is it really legal? I wonder how they would not end up with problems with the governments with this site.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/22/2015 | 4:05:09 PM
Re: It's is the Internet
Agree, you do not expect privacy in the internet. Once it is there you can expect that it is disclosed to the world.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
7/22/2015 | 4:02:44 PM
Is this site legal?
I did not even know could be a legal site. How are they able to survive up top this point without any legal issue?
srreeee
50%
50%
srreeee,
User Rank: Apprentice
7/21/2015 | 11:03:05 AM
Re: It's is the Internet
well said
ODA155
50%
50%
ODA155,
User Rank: Ninja
7/21/2015 | 8:52:24 AM
Re: It's is the Internet
...and the exact same thing can be said for any large financial organization.
Thomas Claburn
100%
0%
Thomas Claburn,
User Rank: Ninja
7/20/2015 | 5:05:35 PM
Re: It's is the Internet
That a site supporting infidelity might prove less than trustworthy. Who'd have thought?
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
7/20/2015 | 12:38:07 PM
It's is the Internet
Let's just say if you don't want to potentially be exposed to the public or have something exposed to the public that you should not interact with the Internet for that particular instance. No matter how stringent the protocols of the site, in situations such as this privacy agreements and such don't mean anything.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15138
PUBLISHED: 2020-08-07
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin...
CVE-2020-9490
PUBLISHED: 2020-08-07
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerab...
CVE-2020-11852
PUBLISHED: 2020-08-07
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syste...
CVE-2020-11984
PUBLISHED: 2020-08-07
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11985
PUBLISHED: 2020-08-07
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...