Sophos News

Ashley Madison hackers keep on going, post even BIGGER trove of data

  • John Zorabedian

    • The hackers behind the massive breach of user data from Ashley Madison are still at it, posting vast quantities of private data from the cheaters’ dating site for the second time this week.

    The hackers calling themselves Impact Team have released another nearly 20 gigs of data, roughly double the size of the earlier data dump.

    Motherboard reported on Thursday (20 August) that Impact Team posted the second batch of data on the same Dark Web site as before.

    The new trove of files seems to include internal corporate data from Ashley Madison.

    One of the folders is called noel.biderman.mail.7z, implying that it contains contents from the email account of Noel Biderman, the CEO and founder of Ashley Madison, Motherboard reported.

    The data batch was accompanied by a personal message for Biderman.

    Hey Noel, you can admit it's real now
    -- Impact Team

    The message was signed with the same PGP key used previously by Impact Team, according to Motherboard.

    Biderman hasn’t denied the hack of Ashley Madison occurred – in fact, he told security journalist Brian Krebs last month that “we’re not denying this happened.”

    However, a statement from Ashley Madison parent company Avid Life Media (ALM) on Tuesday, 18 August, was carefully worded to avoid confirming the validity of the data.

    We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data. We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort.

    Raja Bhatia, the former founding CTO of Ashley Madison who has been consulting the company since the breach happened a month ago, said that the hackers’ data dump included “fake data,” Krebs reported.

    Yet Krebs and other security experts now believe the exposed data is real – and that is no doubt causing anxiety for millions of Ashley Madison customers.

    The first data dump contained 10 gigs of personal information from Ashley Madison customers, including email addresses, profile descriptions, postal addresses, GPS locations, sexual preferences, weight and height measurements, and some credit card data.

    Although Impact Team claims its intent is to shame ALM and its executives, we have to wonder – are the owners of a site like this capable of shame?

    And even if Biderman is the main target of this apparent doxing of millions of users, a whole lot of cheating spouses are becoming collateral damage.

    If you’re curious, Biderman’s bio says he is happily married with two children.

    Image of cheater courtesy of Shutterstock.com. Image of Impact Team message via Motherboard.