Affair Site Hackers Threaten Release of All User Data Unless It Closes
heretic108 writes: According to KrebsOnSecurity, the infamous Ashley Madison affairs hookup website has been hacked by a group calling itself The Impact Team. This group is demanding the immediate and permanent shutdown of Ashley Madison, as well as similar sites Cougar Life and Established Men, owned by the same company: Avid Life Media. If the sites aren't shut down, the hackers are threatening to publicly release personal data for 37 million users. ALM has confirmed that a hack took place, and the hackers posted snippets of account data, as well as bank and salary information from the company itself.
People likely to have an affair will do so with or without a website...
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
when I signed for ashleymadison.com
Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
Was reading at geek inspector and it asked the question, are you one of them? Makes me really think about the 37 million folks, I wonder what they are thinking? They would probably pay about anything for their info not to be released. I wonder if the hackers will set up a site to do a "pay for delete"?
I get the feeling most of the profiles are fake anyway to pull in gullible males. Never give in to blackmail.
The first thing that came to mind when I heard of this site is "This is a prime target for a hacking/blackmail scheme." The only surprise here is that it didn't happen sooner.
Taking guns away from the 99% gives the 1% 100% of the power.
Does this qualify as Terrorism? Or just as blackmail?
...as revenge porn?
Andy Warhol got it right / Everybody gets the limelight
Andy Warhol got it wrong / Fifteen minutes is too long.
Now I'll get my listing circulated without paying a renewal fee!
Even it seems to be getting the shit pounded out of it.
cache
archive.org's just goes back to the original, the original never worked for me and the rest are taking a long long time to load.
One immoral act to shut down another immoral act
Let's see them try to roll out credit protection here. It better come with a box of chocolates, some roses, and a spa-treatment (or a 6-pack and tickets to your spouse's favorite event) because that credit score WILL go in the toilet.
Mod me down, I shall become more off-topic than you could possibly imagine.
we really needed moral superiority complex hackers....there's no hope for humanity...someone is always going to have the need to shove down someone else's throat their views.... no matter how 'smart' .... hope the aliens nuke this shithole asap...
"shut down your predatory sites or we will forcibly liberate 37 million victims of either abusive, dead end, loveless, or empty relationships and leave them to reconcile the adult responsibilities of integrity, trust, and honesty while potentially fostering an atmosphere of open discourse on the nature of marriage, divorce, alimony, custody, and child support."
Good people go to bed earlier.
Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is “Life is short. Have an affair.”
The data released by the hacker or hackers — which self-identify as The Impact Team — includes sensitive internal data stolen from Avid Life Media (ALM), the Toronto-based firm that owns AshleyMadison as well as related hookup sites Cougar Life and Established Men.
Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman confirmed the hack, and said the company was “working diligently and feverishly” to take down ALM’s intellectual property. Indeed, in the short span of 30 minutes between that brief interview and the publication of this story, several of the Impact Team’s Web links were no longer responding.
“We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”
Besides snippets of account data apparently sampled at random from among some 40 million users across ALM’s trio of properties, the hackers leaked maps of internal company servers, employee network account information, company bank account data and salary information.
The compromise comes less than two months after intruders stole and leaked online user data on millions of accounts from hookup site AdultFriendFinder.
In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.
According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
Their demands continue:
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”
A snippet of the message left behind by the Impact Team.
It’s unclear how much of the AshleyMadison user account data has been posted online. For now, it appears the hackers have published a relatively small percentage of AshleyMadison user account data and are planning to publish more for each day the company stays online.
“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
ALM CEO Biderman declined to discuss specifics of the company’s investigation, which he characterized as ongoing and fast-moving. But he did suggest that the incident may have been the work
Help build the anti-software-patent wiki
The majority of us can't even talk to women! Let alone get married and cheat on them.
Full disclosure: I'm not defending this company for what it does.
For those of you who were tired of the old criminal justice system, be careful what you wish for. To these hackers and many other people, the fact that this company is not illegal in the eyes of the old criminal justice system is irrelevant. To these hackers, it is amoral. These hackers have decided unilaterally what morality is, who is guilty, and how punishment will be executed. Publicly destroying people and businesses that somehow offend somebody else is now the new normal. The old system of justice won't protect you anymore because even if the old system catches these hackers, the damage will be done and can't be undone.
Like a hacker scorned.
Come on, that's a glorious name. Go TIT!
I'm not happy this is happening, but I do hope that when things like this happen it makes people think critically about putting their private lives and their means of communication on other people's servers (i.e. "the cloud").
It's folly to think that 37 million Facebook accounts, with all their private messages and chats, won't be the next.
Help build the anti-software-patent wiki
These hackers are a confusing lot. They make a decision to break laws and do unethical things in the name of morals. Is there a word for this kind of behavior?
A source at Gawker said that the online putrid pus ball publication was in negotiation with the hackers to not release the account data, but to sell it to Gawker. Said Nick Denton, "Hold on, I can't stop cumming. I'll talk to you later. GET OUT!"
Why would anyone using a cheaters' hookup site use their real name?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Everything is black and white to them, no shades of grey. They don't really understand the more complex levels of human nature and morality and try to fit it into their rather restricted mental box along with the typical teenage arrogance that makes them assume they're right about everything and everyone else is wrong.
Keep the site up and running, and RISK going out of business.
- or -
Go out of business and actually go out of business.
I wonder; what choice is a predatory, opportunistic venture bound to take?
Krebs is overloaded by train-wreck picnickers
Noel Biderman CEO of How Low Can We Go, trading as Avid Media.
Some of his demonstrably patent bullshit about their security.
"We have always had the confidentiality of our customers' information foremost in our minds, and have had stringent security measures in place".
Um, encryption - have you heard of it? And PCI - yeah, right, a bus protocol.
The "security" fail company - they would have done better employing CyCura® the "binary ex-situ bioremediation system".
I'm guessing they got confused and deployed this Cycura instead. Which'd explain why alarms didn't go off until after the successful attack. When their teeth started grinding.
Candidate for sociopath of the year award, Joel Eriksson, CTO, Cycura, we will continue to be a leader in the services we provide. "I have worked with leading companies around the world to secure their businesses. I have no doubt, based on the work I and my company are doing, Avid Life Media will continue to be a strong, secure business,".
Continue? Fail. To continue you need to start somewhere.
Secure? Fail.
Makes me wonder if he faked his widely promoted cracking of the Cicada.
This is the most interesting bit
Anyone else see similarities and strangely missing information?
His story.
He certainly fucked up big time "protecting" his client, and he shouldn't have (because he does seem to have the ability to know how to secure a system).
Curiouser and curiouser. But not so curious I want to follow that rabbit down a hole.
the best & worst (fake history & heritage) ones are kept from us,, bushwhacked hoodwinked & woollyeyed we comply;;; http://www.abc.net.au/religion... .. some still calling this 'weather' .. http://www.youtube.com/results... .. rock on /. ;; https://www.youtube.com/watch?... ..: konoronhkwa
The derp is strong with this one
Andy Warhol got it right / Everybody gets the limelight
Andy Warhol got it wrong / Fifteen minutes is too long.
How much for a database dump of women 40 in a 20 mi radius of my zip code? For, uh, research purposes. Yeaah, that's the ticket!
I suspect 30+ million were 'just curious' after seeing AM's ads on TV. Hard to explain to the spouse, though.
If you post it, they will read.
Disclaimer: I don't have any data on this site. But, I did notice something interesting about this story...it appears they're looking squarely at an insider, or at least someone who had a lot of access previously. If you're running a site like this, why in the world would you trust contractors with internal processes like that? If proven true, that "collect money for profile deletion, but keep it around...just in case" is pretty scummy. But that just sounds like typical 23-year-old web startup CEO behavior, maybe combined with an inexperienced sysadmin/DBA staff. (I'm going to go for more of the latter on this one, since they managed to get hacked in the first place.)
I guess IT contractors would have the ability to see this going on, but you would think that something like this would have been done in a less obvious manner...maybe just keeping DB snapshots forever instead of leaving the data out there.
It's interesting from an employment perspective -- as more and more companies outsource everything, they have less control over who sees their data, and potentially have more people with axes to grind, or who could just make a quick buck more easily than an insider could. So the question is, if this blackmail thing becomes a trend, will companies stop completely trusting their contractors?
You mean 1.44 billion?
http://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/
Even if the bad guys are arrested today and the blackmail threat is gone, they will either be shut down from customer lawsuits or their customers will abandon them in droves, leading to bankruptcy.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
It was a spouse who found out their wife/husband cheated on them using such a web site and decided to go vigilante and make life a living hell for other cheaters.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
OK As far as I am concerned, Right ON!!
Ashley Madison and sites like it only encourage poor behavior within our society.
They are the ideas of individuals who have failed in various personal endeavors.
They serve no purpose but to only exploit poor behavior resulting in "Jerry Springer" behavior within our society, supporting the notion of a higher divorce rate, unspeakable acts and crimes against individuals.
I know Adult friend finder will be next, and then what? Will enough individuals be exposed to cause the damage recommended?
Places like these are a cancer to our society, and only result in less than satisfactory results.
thanks
The Internet is a honeypot for information collection from dumb people.
Malice is when you needlessly screw up someone else's life because of how it will make them feel.
Greed is when you don't care.
I would like an extra 500 counts to be added to my record!
I was only going there to buy snack cakes!
They just had 74 million prospective clients show up on their doorstep.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
It could happen, but the thing is, Facebook doesn't have the same kind of valuable data. It is personal info, sure, but it is NOT verifiable identities and proof of cheating. It has some value, but not for extortion of the majority of its users.
https://en.wikipedia.org/wiki/...
"If any question why we died, Tell them because our fathers lied."
Notice how most if not all anons don't get any mod points..
very interesting
in closing down sites like these. People who risk exposure do.
Please release the data! I'm getting my popcorn ready to see the sparks fly, and who's getting divorced, or dropping out of the presidential race.
Just another day in Paradise
Oh Noes! That's the only site that shows me who the horny MILFS are in my area!! If they do that - I'll be reduced to stalking, again...
I tried to put in the tag, but it didn't work.... I really hope no one takes me seriously!
adult friend finder???
Any one
Buhler Huhler
It will become more powerful than you can imagine...
Please do not read this sig. Thank you.
so u b3tt4h l1st3n up, budd3h, & d0 wut dey s4y.
Oh no, my public comments and throwaway account credentials will be exposed to, uhh, the public!!11
SELECT * FROM ashleymadison WHERE match(email, ".gov")
Really, though, it would be useful to remind lots of anti-privacy Feds that encryption is important for lots of things, including protecting civil liberties and keeping them from getting into trouble with their spouses and potentially losing their jobs.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Darn it, I can't think of a better way to fix bugs!
If the complaint is that they aren't PROPERLY deleting data, then hack it all yourself, and delete it FOR them.
Then of course, give the data back. Or offer a data deletion service for $10.99 and give them the data back after a month or two.
> You mean 1.44 billion?
I mean, getting 37 million would only require access to a quarter of a percent of Facebook's data, so a hack on this scale shouldn't be hard to imagine.
Help build the anti-software-patent wiki
> Facebook doesn't have [...] verifiable identities and proof of cheating
I think you'll find it has both.
If an account has been posting photos of your personal life and having chats with your spouse, your family and your friends, do you really think anyone needs more verification that it's your accounts? Even if the account is under your nickname, everyone who knows you through that account knows that you are you.
And if you're cheating and you met this person via Facebook, or communicated with them via Facebook then just try denying it when your spouse sees the chat logs.
Help build the anti-software-patent wiki
The best that any company can do is reduce things down to a real name and transaction number, which could then be cross referenced (perhaps externally) to find payment data. Deleting "all" data would be a breach in law, as you are required to maintain financial records for at least 7 years. There is no restriction for credit card purchases, compliance testing just ensures that you are not keeping Card data and PII data like PIN numbers and SSN.
Sneaker-net is the only answer here, and it's difficult to maintain feasibility on a web site to begin with. And we all know what happens when people need bonus checks and higher profit margins. Why do you think we have all those articles on the risks to our power plants and water treatment facilities? When the Government with the biggest budget in world history won't pay a few bucks for it.. well why would you expect any different behavior from others?
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
After the dump, who do we charge for inciting violence?
Because I can assure you, there will be a lot of husbands and some wives who will go off the deep end and commit acts of violence when they suddenly realize that their significant other is a cheating whore/bastard.
Would there be a case for charging the people who dumped the data, on the premise that if they didn't Husband A wouldn't have killed Wife B?
Perhaps so; but We, the Righteous, will hack them all and show our moral superiority!
They deserve it anyways, for not doing sufficient penetration testing.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Getting your life as you believe it to be turned upside down can cause pretty rash responses. A mistress murdered a football player's wife recently and killed herself. A cheating husband can get attacked by his jilted wife and vice versa and more if both parties are married.
If you are a psycho or a serial killer, this list is a bonanza of motives that detract from your involvement.
Whoever is threatening to release this information had best understand that it'll cause some strong reactions in evil people and some very emotionally vulnerable victims.
If you were STUPID enough, to give a "cheaters" website your REAL name, REAL address, REAL bank information, REAL personal information, then you deserve to be hacked and exposed as the lying cheating SOB that you really are, regardless if you are a man or woman, or other.
I'd be very interested in seeing which member profiles are conspicuously absent from the leak.
BUSTED!!!
This website is an intelligence test.
Having already established that you're morally bankrupt and willing to cheat, the question is will you do it in a way that is so blatant that there's no shred of possibility that you could plausibly deny your intentions.
Why yes you're dumb enough? Great, we'll take your cash. No you're not dumb enough? Are you sure? We can wave this scantily clad girl/guy in your face to tempt you.
> It is called NOT losing half your shit...
Now, that's an interesting POV, even if not the first time I've read it. In the US, at least, you know before you get married that the default mode is that your shit and your SO's shit become community shit. If you think your financial contribution to the union is that big a deal, you have the option of signing a contract that specifies that your shit remains your shit.
However, most people don't bring much shit into a marriage, other than the potential shit. If it's only after 10, 20, 30 years that the both of you have turned the potential into some real serious shit, and then elect to play in someone else's drawers, you're not really entitled to get all high and mighty about "your" (singular), rather than "your" (plural), even if you think your now less-than-SO has spent the whole time popping bon-bons.
Another example of the core fallacy of libertarian thinking, that human beings are perfectly rational, carrying absolutely no baggage from one's pre-pre frontal lobe behaviors, or under any influences from the dopamine system. Sure, let's just have genitals, guns, and blow smacking us in the face from the moment we wake up, and if that doesn't work out, every day, over the course of 80-some odd fucking years, then sure, It's Your Fault, Loser.
Excellent
Ignoring the moral implications of cheating, I think the fact Ashleymadison.com charged an extra fee for the 'full delete' feature, which did nothing, is the real problem here.
Well, also the fact people actually trusted Ashleymadison to honour something they couldn't possibly verify :D
This, of course, makes good food for thought when other sites promise to treat your private data carefully. And even more so if they charge you for that privilege.
Always read at -1, don't let others decide what you should and should not read.
Probably a result of ashleymadison going after lowest bidder contracts when trying to get their security sorted. You get what you pay for.
What I found most interesting was the similarity between the correspondence Joel Eriksson of Cycura says he had with the "people" (person?) behind Cicada 3301 and the nature and wording of the "attackers" demands/claim of responsibility for the ashleymadison breach.
And his company (basically just him) is very unlikely to be the lowest bidder, he's also much more of an attacker and cryptographer than a security engineer.
and a motel six, run the plates catch them leaving the room, dead drop the money and the pictures...
There are 37 million users on these web sites? 37 MILLION? I assume they operate internationally. Assume also that this represents only a subset of the total cheater population (web-based, non-web-based). Yikes...it would be fascinating to search through the names.
So hackers are righteous now are they? What a bunch of hypocrites you Hackers are. Sort out yr own house before you start on other ppl. I don't believe in infidelity but I also don't believe in fucking hacking either! Asshole(S)
On one hand, I'm against cheating and I expect all adults to be able to take responsibility for their own actions.
On the other hand, I do not feel I have the authority to tell another person how they should live their lives. If you wanna cheat, go right ahead. I'll think you a piece of shit for it, but I won't stop you.
My only problem is when people get purposefully hurt, or their personhood is violated.
how many people are actually that stupid!
- X/Y -
Of course cheating is immoral. But so is hacking and publishing personal information. Actually that is worse. Cheating is just immoral, but not a crime. Hacking and violation of privacy is immoral AND a crime punishable by law. Besides who says the account info is correct? What if people make accounts using someone else's name? I would assume that if you want to start an affair you won't use your own name and address. People who don't cheat can get in trouble because people use their names on this site.
LOLOLOLOLOL!!!!