ShareThis
It's been all over the media, and Wired.com reported on the technical intricacies: The hackers who stole sensitive customer information from the cheating site AshleyMadison.com made good on their threat to publish the data online. They posted 9.7 gigabytes, and then an even bigger dump of 20 gigabytes, onto the dark web, using an address accessible only through the Tor browser.
The files included account and log-in details for some 32 million users of the social networking site, the self-proclaimed premier website for married individuals seeking partners for affairs. Seven years worth of credit card and other payment transaction details were also in the data dump.
AshleyMadison.com claimed to have nearly 40 million users at the time of the breach, all apparently in the market for clandestine hookups. “Ashley Madison is the most famous name in infidelity and married dating,” the site asserts on its homepage. “Have an Affair today on Ashley Madison. Thousands of cheating wives and cheating husbands signup everyday looking for an affair…. With our affair guarantee package we guarantee you will find the perfect affair partner.”
The data released by the hackers included names, passwords, addresses and phone numbers submitted by users of the site, though it’s unclear how many members provided fake information to open accounts. A sampling of the leaked data by Wired.com indicated that some had provided random numbers and addresses.
But the credit card transactions likely included real names and addresses, unless members of the site used anonymous pre-paid cards, which offer more anonymity. This data amounted to millions of payment transactions going back to 2008, including name, street address, email address and amount paid (but not the full credit card numbers; instead it gave just four digits for each transaction, which could be either the last four digits of the credit card numbers or simply a transaction ID for each payment).
Wired.com's analysis found that some 15,000 email addresses were .mil. or .gov addresses. But it was not clear how many of these were legitimate.
The data also included descriptions of what members were seeking. “I’m looking for someone who isn’t happy at home or just bored and looking for some excitement,” wrote one member who provided an address in Ottawa and the name and phone number of someone who works for the Customs and Immigration Union in Canada.
“I love it when I’m called and told I have 15 minutes to get to someplace where I’ll be greeted at the door with a surprise—maybe lingerie, nakedness. I like to ravish and be ravished … I like lots of foreplay and stamina, fun, discretion, oral, even willingness to experiment—*smile*.”
Up to now, one could be forgiven for a bit of Schadenfreude. After all, these users had it coming to them. After all, they belonged to an online adultery club. Duh.
But in September, things became deadly serious when AshleyMadion.com user John Gibson killed himself (see his family's touching appeal on this video).
Gibson's wife went public saying that the hackers had no right to invade his privacy and accusing them of being responsible for her husband's suicide, for destroying her family.
Following their intrusion, the hackers, who called themselves the Impact Team, had issued an ultimatum to Avid Life Media, owner of AshleyMadison.com and its companion site Established Men, and demanded that ALM take down both sites.
(EstablishedMen.com promises to connect beautiful young women with rich sugar daddies “to fulfill their lifestyle needs.” Interestingly, the hackers did not target CougarLife, a sister site run also by Avid Life Media that promises to connect older women with younger men.)
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” the hackers wrote in a statement following the breach.
To show they meant business, they posted sample files containing some of the stolen data, which included company financial information detailing employee salaries and documents mapping the company’s internal network.
On the surface, the hackers targeted AshleyMadison and EstablishedMen over the questionable morals both condoned and encouraged, but they also attacked what they saw as ALM’s fraudulent business practices, wrote Wired.com. Despite promising customers to delete their user data from the site for a $19 fee, the company actually retained the data on ALM’s servers, the hackers claimed. “Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers wrote. “Too bad for ALM, you promised secrecy but didn’t deliver.”
The hackers introduced the data dump with this message:
“TIME'S UP! Avid Life Media has failed to take down Ashley Madison and Established Men,” Impact Team wrote in a statement with the online dump. “We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
"Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.”
The hackers charged ALM with sole responsibility for any damages or repercussions that victims of the breach and data dump might suffer.
“Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it,” they wrote.
But now the data dump has cost a life. Then again, John Gibson, the AshleyMadison user who committed suicide, was a pastor. What is a pastor doing on an adultery website?
What do you say? Were the hackers right to compromise the identities, financial information and preferences of millions of AshleyMadison.com users? Did those users have it coming to them? Or was the disclosure not only an illegal theft but also an illegitimate breach of privacy? I look forward to your comments, here or on my blog http://thomaszweifel.blogspot.com/.
Dr. Thomas D. Zweifel is a strategy & performance expert and coach for leaders of Global 1000 companies. His book The Rabbi and the CEO: The Ten Commandments for 21st Century Leaders (also available in German, Russian and Polish) applies the Ten Commandments to ethical and effective modern management.
If you need to hire a real hacker to remotely monitor / hack your partner's phone, recover your stolen bitcoin / any other cryptocurrency, or hack a database with guaranteed privacy, contact easybinarysolutions@gmail.com or whatsapp: +1 3478577580, they are efficient and confidential.
ReplyDelete