Hackers of the world’s second largest paid dating website AshleyMadison.com have released personal information on millions of users that was allegedly saved after the company charged a fee to erase it.
Update: Man Sues Ashley Madison Over ‘Army of Fembots’
November 3 – Former Ashley Madison member David Poyet has filed a class action lawsuit against the dating site’s parent company, Avid Life Media (ALM), for allegedly duping users by employing an ‘army of fembots.’ According to the Consumerist, plaintiff alleges he was tricked into believing he was interacting with beautiful females while all the time he was interacting with fake bots. For his hardships, Poyet is demanding ALM pay him $5 million.
Cheating Website Hacked, “Full Delete” Scam Exposed
Ashley Madison, an online dating service catering to married people, has been breached by a hacker or group of hackers calling themselves The Impact Team, according to ALM.
The company, which also runs dating sites CougarLife.com and EstablishedMen.com, did not say what information was compromised as a result of the hack. However, the KrebsOnSecurity blog maintains that ALM’s “user databases, financial information and other proprietary information” were leaked.
The Impact Team targeted Ashley Madison because ALM allegedly lied to its clients about a “full delete” service the company claimed would completely erase all account data for $19. According to the hackers, the feature doesn’t actually work, and that users’ real names and addresses remain on servers even after the full delete.
Well-Known Entertainment, Sports and Political Figures Outed in Ashley Madison Hack
A Hollywood actor, NFL player and a top politician are among dozens of former Ashley Madison users trying to salvage their reputations after the dating website hack, according to Daily Mail Online.
“One of the people is a top player in the NFL. And one executive works for Coca Cola,” a source told Daily Mail Online. “Another is a politician who ran a Southern state.”
A second source added, “One is a politician on the West Coast who is no longer active.”
10,000 Gov’t Officials’ Email Addresses Leaked
According to The Daily Beast, stolen data from AshleyMadison.com includes about 10,000 e-mail addresses from the National Security Agency (NSA), Department of Justice (DOJ) and other government agencies.
The data dump not only included user data but also internal company documents from Ashley Madison parent company Avid Life Media (ALM), including employee PayPal accounts, corporate passwords, memos, loan agreements, banks account numbers as well as a document titled “areas of concern – customer data” which described how ALM was worried about data leak and theft issues.
ALM Chief Steps Down Amid Hacking Controversy
On August 28, Avid Life Media announced that its chief executive officer Noel Biderman has stepped down, according to The New York Times. Among the data leaked earlier this month was a 2012 email exchange between Biderman and Raja Bhatia, who was ALM’s technology officer at the time.
In the emails, Bhatia said he had uncovered a security hole in a competitor’s website, nerve.com, that allowed him to download and manipulate the site’s user data. Prosecutors could use information from the leaked emails to charge ALM executives under the Computer Fraud and Abuse Act (CFAA), which makes it a crime to enter computers or take information from them without authorization.
“This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees,” ALM said of Biderman’s departure in a written statement. “We are actively adjusting to the attack on our business and members’ privacy by criminals.”
Cheating Website Hacked, User Data Leaked: CNBC Video
Suicides Linked to Cheating Website Hack
At least 2 former Ashley Madison clients committed suicide after their personal information was published online, according to the BBC. Although no details have been released about the deaths, the Toronto Police held a press conference in which Superintendent Bryce Evans had a message for the hackers: “Your actions are illegal and will not be tolerated. This is your wake up call.”
On August 21, the San Antonio Express reported that a city worker whose information was published took his own life. However, the publication acknowledged that it was unclear whether the man’s death had anything to do with the leak.
Website Breach Leads to Scams, Extortion Attempts
Evans warned the public to beware of extortion scams that are already popping up and targeting Ashley Madison users. On August 21, KrebsOnSecurity published a story about one such extortion attempt that threatened to inform the victim’s spouse unless the recipient paid the attacker a Bitcoin (approximate $250 US).
Data Dump Could Affect IPO Launch
Aside from the ramifications of such a comprehensive data leak, the events could threaten ALM’s potential to launch an initial public offering (IPO). Last year, AshleyMadison.com had $115 million in sales, and is aiming for a $200 million IPO later this year.
TV Reality Star Paid for ‘Affair Guarantee’ on Ashley Madison
Josh Duggar, a married television personality best known for his part in the reality show 19 Kids and Counting, has confessed to using the Ashley Madison cheating website. According to the Gawker, the 27-year-old devout Christian had 2 different Ashley Madison subscriptions from February 2013 until May 2015, paying a total of $986.76.
According to data leaked by the hackers, Duggar paid and initial fee of $249 for an “affair guarantee” that can “increase your chances of having an affair from possibly to definitely or your money back,” according to the website.
In response to the revelations, Duggar released a statement, calling himself “the biggest hypocrite ever.”
“While espousing faith and family values, I have been unfaithful to my wife,” Duggar said. “I am so ashamed of the double life that I have been living and am grieved for the hurt, pain and disgrace my sin has caused my wife and family, and most of all Jesus and all those who profess faith in Him.”
Leaked Data Shows Most Ashley Madison Female Profiles Fake
There were almost no real female subscribers on the Ashley Madison cheating website, according to Gizmodo. Staff writer Annalee Newlitz analyzed the site’s user database and found suspicious data which suggested that nearly all the female accounts were fake, maintained by ALM employees.
The Impact Team published information on approximately 31 million accounts apparently belonging to men, and another 5 million accounts belonging to women. However, Newlitz found scores of test accounts that ended with AshleyMadison.com, suggesting that they were created internally (90% of which were for women), and 350 female accounts for individuals with the same unusual last name.
Other suspicious data uncovered:
- Only 1,492 females in the Ashley Madison database had ever checked their messages on the site. That’s compared to over 20 million men.
- Only 2,409 of the women had ever used the site’s chat function, compared to more than 11 million men.
- Only 9,700 women had ever responded to a message from another person on the site, versus almost 6 million men.
Taking these figures into consideration, Newlitz concluded that “Ashley Madison is a site where tens of millions of men write mail, chat, and spend money for women who aren’t there.”
“Ridiculously Bad” Passwords Revealed in Ashley Madison Hack
When hackers first leaked the data dump online, some researchers speculated that because AVN appeared to use strong algorithms to encrypt Ashley Madison passwords, that information would be kept secret. However, according to the Washington Post, after a group of decoding hobbyists known as CynoSure Prime managed to exploit programming errors in the algorithm, more than 11 million passwords have been decoded.
The top 5 passwords are: