The hackers behind the massive breach of user data from Ashley Madison are still at it, posting vast quantities of private data from the cheaters’ dating site for the second time this week.
The hackers calling themselves Impact Team have released another nearly 20 gigs of data, roughly double the size of the earlier data dump.
Motherboard reported on Thursday (20 August) that Impact Team posted the second batch of data on the same Dark Web site as before.
The new trove of files seems to include internal corporate data from Ashley Madison.
One of the folders is called noel.biderman.mail.7z, implying that it contains contents from the email account of Noel Biderman, the CEO and founder of Ashley Madison, Motherboard reported.
The data batch was accompanied by a personal message for Biderman.
Hey Noel, you can admit it's real now
-- Impact Team
The message was signed with the same PGP key used previously by Impact Team, according to Motherboard.
Biderman hasn’t denied the hack of Ashley Madison occurred – in fact, he told security journalist Brian Krebs last month that “we’re not denying this happened.”
However, a statement from Ashley Madison parent company Avid Life Media (ALM) on Tuesday, 18 August, was carefully worded to avoid confirming the validity of the data.
We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data. We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort.
Raja Bhatia, the former founding CTO of Ashley Madison who has been consulting the company since the breach happened a month ago, said that the hackers’ data dump included “fake data,” Krebs reported.
Yet Krebs and other security experts now believe the exposed data is real – and that is no doubt causing anxiety for millions of Ashley Madison customers.
The first data dump contained 10 gigs of personal information from Ashley Madison customers, including email addresses, profile descriptions, postal addresses, GPS locations, sexual preferences, weight and height measurements, and some credit card data.
Although Impact Team claims its intent is to shame ALM and its executives, we have to wonder – are the owners of a site like this capable of shame?
And even if Biderman is the main target of this apparent doxing of millions of users, a whole lot of cheating spouses are becoming collateral damage.
If you’re curious, Biderman’s bio says he is happily married with two children.
Image of cheater courtesy of Shutterstock.com. Image of Impact Team message via Motherboard.
an observer
Raja Bhatia did not tell Krebs that the dump include fake data. Instead, he tried to tell Krebs that they were getting dozens of fake dumps a day and that they couldn’t verify if this one was real or not. He was basically trying to distract away from the real dump by claiming there were dozens of fake ones. It is now 100% clear that the original 9.7Gig dump, as well as this second 20 gig one, are absolutely real and potentially devastating. Ashley Madison has not handled this well at all– their official messaging has been awful and they also hired a FORMER employee (former CTO Bhatia actually) to lead an investigation. Finally, their social media press releases contain links to one of the guys personal facebook pages. You would think that a company who could afford to lend its CEO $3million would have a better incident response procedure, because all they are doing now is bumbling around.
Anonymous
You are mistaking them for someone that cares. It’s not about people, it’s about money/greed. These people (AM owners) will be happy to retire and no doubt have several alias bank accounts.
Another observer
This is nothing but a direct attack on the privacy and freedom of the millions of AM subscribers. What they do, don’t do, or might want to do, has no impact on the “Impact team” or indeed anyone else outside their own circles. The act is potentially devastating for millions of people and as such represents an attack on the public. This is dump is not a moral statement, not anti-establishment, not a fight for internet freedoms, nor a shout against big-brother surveillance. It is nothing but a vicious and selfish attack on the users of AM. Whatever “Impact” may think of their morals, their morals are and should have remained their own private “affair”. The actions of “Impact” are potentially destroying family lives and childhoods. What they have done is more than immoral, it is evil.
PS. I’ve never been on the Ashley Maddison website. I have no personal axe to grind. I do however believe that private and consensual activity between adults is none of anyone else’s business. I don’t care what other people get up to as long as no one gets hurt. Actions like the data dump that threaten the happiness and well-being of families and kids. It is directly going to hurt a lot of people.
Rob
I see your point of view for sure, but the company executives had a responsibility to make prudent decisions. Hindsight 20/20, they didn’t use their “dirty money” to be responsible.
That is to say, I shouldn’t be allowed to setup a business with shoddy practices and then blame it on the 4 year old that breaks into the network.
Dan
And the number one lesson to be learned here is, that one should never expect privacy online and expect companies to protect the privacy of those that use their services. People need to be held accountable for their actions. Ashley Madison website is without blame here. They only facilitated the act of infidelity. You are the type of person that would apply blame to a beer company for DWI Deaths. Your logic is flawed, and these marriages and relationships were already in trouble and potentially already affecting the lives of their offspring and significant others. You are part of the problem. Had these people understood their privacy and put into retrospect the issues that plague businesses that do business online, do you think they would have used an online dating site to have affairs? You are grossly mistaken, as these same people probably get PO Boxes to get another credit card under so they can hide their extramarital affairs from their family and friends. So this should teach people if you are unhappy in a relationship just be honest and upfront and leave then go affairs without being married.
PraiseJibbers
You know, I agree that private lives shouldn’t be made available to the public. However, now the people that use this website to break trust with their partners will not be able to hide this from their SO. I don’t care about the data. I’m just waiting for a searchable index to be brought online so people that suspect their partners of cheating can find out the truth.
Paul Ducklin
How will you know that this data – that was stolen by crooks and published unlawfully, as far as I can see – *is* the truth? Using it as you describe…doesn’t that come perilously close to “receiving stolen property”?
Robert Stoneking
I wonder how many innocent bystanders got hit by this. I expect a lot of the users are using someone elses name. Did the guy in the next cubicle use yours?
Wilderness
The real problem here wasn’t security. It was immorality.
Anonymous
A business is a business and what the Impact Team is certainly going to have an impact. There are many businesses that prey on immorality or some type of degeneration of society. However exposing those using the website and their financial information has now created victims, not only of the web masters and the users, but of the families, and everyone surrounding this. It’s all fun and games to tar and feather the cheater. But what about the grief to the spouse, the children, the family and friends. This is not humiliation. This is not morality. This Impact Team is simply a group of domestic technology terrorists who want people not to feel safe. And this is from someone who was cheated on by her spouse online for many years.