Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Wednesday August 19 2015, @01:30AM   Printer-friendly
from the find-your-own-torrent dept.

Multiple reports suggest that Impact Team has leaked around 9.6 to 10 gigabytes of data from the "cheating/affair website" Ashley Madison onto Tor sites (now available via BitTorrent). According to Ars Technica:

A 10-gigabyte file purportedly containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours. Ars downloaded the massive file and it appeared to contain a trove of details taken from a clandestine dating site, but so far there is nothing definitively linking it to Ashley Madison. User data included e-mail addresses, profile descriptions, addresses provided by users, weight, and height. A separate file containing credit card transaction data didn't include full payment card numbers or billing addresses.

Rob Graham, CEO of Errata Security, said the dump also included user passwords that were cryptographically protected using the bcrypt hashing algorithm. That's among the most secure ways to store passwords, because bcrypt is extremely slow, a trait that requires crackers to devote vast amounts of time and computing resources. Still, it's highly likely a large percentage of the hashes will be cracked, given rampant use of weak passwords.

Ashley Madison officials have stopped short of confirming the published information was extracted from the breach.

"We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data," they wrote in an e-mail to Ars. "We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business."

Previously: Adult 'Extracurricular Activity' Website AshleyMadison.com Hacked


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by c0lo on Wednesday August 19 2015, @01:33AM

    by c0lo (156) Subscriber Badge on Wednesday August 19 2015, @01:33AM (#224721) Journal
    I predict a good time ahead for divorce lawyers.
    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Informative=1, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 0) by Anonymous Coward on Wednesday August 19 2015, @02:48AM

    by Anonymous Coward on Wednesday August 19 2015, @02:48AM (#224742)

    Maybe they were behind it. Then again ...

    • (Score: 2) by c0lo on Wednesday August 19 2015, @03:23AM

      by c0lo (156) Subscriber Badge on Wednesday August 19 2015, @03:23AM (#224767) Journal
      Nah... dumping everything at once is stupid for the divorce lawyering business - creates a huge boom (and the bust that follows won't be an artsie one [wikipedia.org])
      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 2) by iWantToKeepAnon on Wednesday August 19 2015, @01:59PM

    by iWantToKeepAnon (686) on Wednesday August 19 2015, @01:59PM (#224974) Homepage Journal
    Assuming the other partner being cheated on is suspicious, knows about the breach/dump, and is technically savy enough to download, use gzip/7z, grep/notepad, and parse/read/understand the format. Kind of a long shot IMO.
    --
    "Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
    • (Score: 1) by ralphhogaboom on Wednesday August 19 2015, @05:48PM

      by ralphhogaboom (5304) on Wednesday August 19 2015, @05:48PM (#225101)

      Or what's more likely, someone creates a searchable website front end for the data. Punch in the last name, and it shows the last four of the CC number that matches. Or search by email address, and see results that way.

  • (Score: 2) by halcyon1234 on Wednesday August 19 2015, @04:30PM

    by halcyon1234 (1082) on Wednesday August 19 2015, @04:30PM (#225065)

    I wouldn't be shocked if a divorce lawyer download the DB, extracted the addresses, and sent out a mass mailing. They could even dress up the envelope to be inconspicuous, address it to "The Lady Of The House". Some flowery language about "thinking about your future" and "sometimes the time to be your own woman is now". I'm sure they'd get a large enough hit rate to offset any bad press or legal ramifications.

    Note: I'm not saying this is right or just. It's spamming, and scummy as fucking hell-- but these are lawyers. I'm not saying anyone should. I'm just saying I won't be surprised if it happens.

    --
    Original Submission [thedailywtf.com]