Ashley Madison hackers publish compromised records

18.08.2015
The group responsible for the Ashley Madison hack published the compromised records on Tuesday, delivering on the promise made when the hack was announced in July. The compromised records include account profile information, personal information, financial records, and more.

In July, a group calling themselves Impact Team leaked a selection of files that they claimed originated form Avid Life Media (ALM), the company behind adult playgrounds of Ashley Madison, Cougar Life, Established Men, and others.

The group said they had fully compromised the company's records, and demanded that they halt operations on Ashley Madison and Established Men. If that didn't happen, the group said they would publish the compromised records in full.

The reason for the attack, the group said, is because the company "profits on the pain of others."

On Tuesday, they delivered on their promise, and released 10GB of data to the public. Along with links to the leaked data, the group published the following:

The group also published a key so that anyone downloading them would know they came from the proper source.

The leaked files include databases complete with account information, profile data, PII, and financial data. Among the records are 15,019 accounts using either a .mil or .gov email address. Other records indicate that the user created their ALM profile with a work related email address.

On Twitter, @t0x0 provided Salted Hash with a breakdown of these addresses. A brief example is below; the image contains the full list of domains.

If the data in the leaked files is valid, then Impact Team has created a blackmail archive that could land scores of people in hot water.

However, ALM never required that data be valid unless the user registered for a paid account, and even then the verification process wasn't that hard to bypass as long as the bills were paid.

Clearly there are plenty of false records, including those from the White House, or yahoo.gov. However, the records with full account details, including profiles matched to personal and financial records, are going to be harder to dispute.

This story is developing, and will be updated as new information becomes available.

(www.csoonline.com)

Steve Ragan