Multiple reports suggest that Impact Team has leaked around 9.6 to 10 gigabytes of data from the "cheating/affair website" Ashley Madison onto Tor sites (now available via BitTorrent). According to Ars Technica:
A 10-gigabyte file purportedly containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours. Ars downloaded the massive file and it appeared to contain a trove of details taken from a clandestine dating site, but so far there is nothing definitively linking it to Ashley Madison. User data included e-mail addresses, profile descriptions, addresses provided by users, weight, and height. A separate file containing credit card transaction data didn't include full payment card numbers or billing addresses.
Rob Graham, CEO of Errata Security, said the dump also included user passwords that were cryptographically protected using the bcrypt hashing algorithm. That's among the most secure ways to store passwords, because bcrypt is extremely slow, a trait that requires crackers to devote vast amounts of time and computing resources. Still, it's highly likely a large percentage of the hashes will be cracked, given rampant use of weak passwords.
Ashley Madison officials have stopped short of confirming the published information was extracted from the breach.
"We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data," they wrote in an e-mail to Ars. "We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business."
Previously: Adult 'Extracurricular Activity' Website AshleyMadison.com Hacked
(Score: 2) by mendax on Wednesday August 19 2015, @02:08AM
The Blackmail sketch [youtube.com] from Monty Python's Flying Circus, a photo from which showing Terry Jones in his birthday suit at the organ in El Reg's article, is very apropos here: Send us £15 to stop us from revealing to your husband and lovely children the name the name of your lover in Bolton. Now, all we need is some video so we can play "Stop the Film"!
It's really quite a simple choice: Life, Death, or Los Angeles.
(Score: 3, Funny) by wonkey_monkey on Wednesday August 19 2015, @07:18AM
Send us £15 to stop us from revealing to your husband and lovely children the name the name of your lover in Bolton.
Go ahead. You've already revealed the most shameful part of the whole sordid mess.
systemd is Roko's Basilisk