Ashley Madison - 'Welcome to the first day of the rest of your internet'

http://www.theawl.com/2015/08/notes-on-the-ashley-madison-hack

background

1. A data dump, which allegedly contains over 35 million email addresses, 33 million accounts with more detailed information (names and addresses), and every credit card transaction from the last seven years, is reported to have been posted online. It could be doctored or entirely fake, however: a hack was previously confirmed by the company, and early signs point to legitimacy. (Update: Brian Krebs was unsure, but now seems convinced; Ashley Madison’s official statement is ambiguous.)

2. It is not easily accessible to most internet users—it’s still in fairly raw form, in massive downloadable archives.

3. However, 4chan users, and undoubtedly others, are already combing through data and posting their discoveries. They started by searching for people with government email addresses, university email addresses, and addresses associated with major corporations. This is unfolding very quickly, already revealing the email addresses of students, teachers, public servants and municipal employees.

global clusterfuck to follow

the note that was posted along with the leak:

http://i.kinja-img.com/gawker-media/image/upload/s--RERfgadU--/c_fit,fl_progressive,q_80,w_636/1391620928171645221.png

here's my carefully considered opinion on this: lol

Definite possible clusterfuck if the leak is real data -- but this is from 4 days ago, has there been actual fallout yet?

However, IMO this leak IS the first real "public" hack. If it wasn't Ashley Madison, it would be everyone's browsing history, or bank statements, or pay stubs, etc. Welcome to first day of the rest of your terrorism.

I admit it.

I was just too tempted by those little snackcakes on the Snoopy commercials.

here's my carefully considered opinion on this: lol

my initial reaction as well, but i felt bad when i realized i didn't consider some of the broader ramifications

http://www.washingtonpost.com/news/morning-mix/wp/2015/08/19/dont-gloat-about-the-ashley-madison-leak-its-about-way-more-than-infidelity/

Cluley also wrote recently about the real risk that a leak could lead to suicide.

“What the howling wolves doesn’t seem to understand is what they are doing is online bullying. The kind of bullying that clearly can cause such personal tragedies,” he wrote.

“‘If they are cheating, they deserve it,’ the wolves reply. While I totally disagree with that argument, let me add that their kids do not deserve to lose a parent. Their family doesn’t deserve to lose a loved one. And that also applies to friends, colleagues, neighbors and others. If you are found to have bullied somebody into suicide however … I believe you deserve jailtime for that.”

And then there is another concern: that although the leak itself appears to be a moral vendetta, it could lead to individual cases of blackmail as people comb through the information and spot co-workers, neighbors or acquaintances.

By the time you read this, there is a good chance someone on 4chan will have figured out a way to make the leaked info searchable.

apparently this is a well-regarded security guy who says that he now believes the leaked date is real: http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/

i submit my recalibrated opinion: lmbo

man what kind of dork uses their real email address to sign up for an adultery website

"Please use this data responsibly."

Someone signed up with Tony Blair's email address though it quite possibly wasn't him.

Consequence-wise this is so much worse than any consumer hack in history it's difficult to not see it changing the way a lot of people behave online.

this is gonna take down a bunch of guilty people and a bunch of innocent people

i'm also astounded that there were 35 million+ accounts, even if a ton of them were bogus. i had never even heard of ashley madison til this leak., but apparently about 1 out of every 7 adults in the U.S. had an account (~240 million adults in U.S. / 35 million accounts)

is it just me or does the tone of that text file posted above read more than a little like some "men's rights" screed?

Not all those accounts are from the US.

xpost the gamergate people are already combing through looking for "social justice warriors"

In terms of the 'victims', this is sorta Gawker's expose of Geithner writ very large, involving people who are (presumably) mostly private citizens. So while it's tempting to get all high-horsey about it, it's pretty much just a massive violation of privacy that, as noted, potentially affects more than those people whose personal information was compromised.

I'd heard of it (they're a regular sponsor on Howard Stern's show), but 35 million does seem really high. And yeah, it seems funny to think of people using their actual email addresses, but if they're scrolling through the list looking for govt and university addresses, obv some people did. The aims of AM notwithstanding, this is absolutely bullying, blackmail, public terrorism. It doesn't make any difference why people signed up -- it's their life, not the hackers'. I assume this kind of thing will get worse before it gets better.

http://www.businessinsider.com/pirate-bay-is-serving-an-ashley-madison-ad-next-to-the-ashely-madison-data-dump-2015-8

http://static2.businessinsider.com/image/55d45968371d2278018c0c60-1605-955/ashleymadison.png

apparently the site didn't have email verification? so anyone could use anyone else's email address for their account

makes it hard to pin any accusations on public figures

ashley madison posted this today:

This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.

extract from washington post piece is super sobering imo

didn't lagoon write in another thread about the weird paucity of righteousness in hacking, ie things targeted at student loans say instead of just broadly aimed at big organisations. this feels like a kind of misdirected & accidentally moralistic righteous hack, sorta mirroring the gawker thing per old lunch.

apparently the site didn't have email verification? so anyone could use anyone else's email address for their account

― ciderpress, Wednesday, August 19, 2015 10:04 AM (1 minute ago) Bookmark Flag Post Permalink

makes it hard to pin any accusations on public figures

― ciderpress

yeah, that was my initial thought as well, but i didn't realize that credit card/financial transactions were also leaked:

33 million accounts with more detailed information (names and addresses), and every credit card transaction from the last seven years, is reported to have been posted online

i don't think it would be too hard to make strong connections.

http://www.wired.com/2015/08/happened-hackers-posted-stolen-ashley-madison-data/

The files appear to include account details and log-ins for some 32 million users of the social networking site, touted as the premier site for married individuals seeking partners for affairs. Seven years worth of credit card and other payment transaction details are also part of the dump, going back to 2007. The data, which amounts to millions of payment transactions, includes names, street address, email address and amount paid, but not credit card numbers; instead it includes four digits for each transaction that may be the last four digits of the credit card or simply a transaction ID unique to each charge. AshleyMadison.com claimed to have nearly 40 million users at the time of the breach about a month ago, all apparently in the market for clandestine hookups.

the people who grabbed all this data justify dumping it because the site is "immoral" is a really bad look, imo

definitely.

The hackers deflected responsibility for any damages or repercussions that victims of the breach and data dump may suffer.

“Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it,” they wrote.

justifying, I mean

that reason is about ten times stupider than saying they did it "for the lols"

Mumsnet ;_;

http://www.bbc.co.uk/news/technology-33985706

people I want to judge my "morality":
- people I do business with
- people who I have moral contracts with
- people I have a direct personal relationship with

note lack of "randos on the internet" in that list

the incident, called DadSecurity

I thought the justification was that they were charging users to delete accounts and lying about having done it?

The users seem like collateral damage rather than being the focus, which makes it even more stupid in some ways.

yeah this isn't really 'hacktivism', it's just hacking, for lack of a better term

they have used a variety of justifications, all of which hold tiny amounts of water

it feels like an episode of black mirror

some other revelation needs to happen to really make this black mirror-esque

like finding out people really didn't use it for cheating but for some sort of complicated investment scheme

the ppl publishing this list are doing something much worse than the people they are trying to expose, it's prurient & self-righteous in the worst way

this will probably have an effect on the elections

write in votes for Ashley Madison

for sure, some political types are definitely ridiculous enough to have accounts on this

I mean, some have already proven themselves brazen enough to just hit on people on twitter or w/e, Ashley Madison is practically subtle in comparison to some of the shenanigans out there

i bet there were like 30-35 actual affairs conducted out of all this

Yeah, I wondered about that. A whole lotta lookers but not a whole lotta takers.

*shakes fist* where are the horney internet wives

tell me if you ever figure that one out!

is it just me or does the tone of that text file posted above read more than a little like some "men's rights" screed?

It does have the vibe of a jilted gent, refusing to be mocked or patronized! after he gets spammed for the 30th time.

https://ashley.cynic.al/

About two-thirds of the men, or 20.2 million of them, had checked the messages in their accounts at least once. But only 1,492 women had ever checked their messages. It was a serious anomaly.

...

Overall, the picture is grim indeed. Out of 5.5 million female accounts, roughly zero percent had ever shown any kind of activity at all, after the day they were created.

The men’s accounts tell a story of lively engagement with the site, with over 20 million men hopefully looking at their inboxes, and over 10 million of them initiating chats. The women’s accounts show so little activity that they might as well not be there.

Sure, some of these inactive accounts were probably created by real, live women (or men pretending to be women) who were curious to see what the site was about. Some probably wanted to find their cheating husbands. Others were no doubt curious journalists like me. But they were still overwhelmingly inactive. They were not created by women wanting to hook up with married men. They were static profiles full of dead data, whose sole purpose was to make men think that millions of women were active on Ashley Madison.

i would just like to point out that i have been otm in this thread

http://krebsonsecurity.com/2015/08/who-hacked-ashley-madison/

The Toronto cops mostly recapped the timeline of known events in the hack, but they did add one new wrinkle: They said Avid Life employees first learned about the breach on July 12 (seven days before my initial story) when they came into work, turned on their computers and saw a threatening message from the Impact Team accompanied by the anthem “Thunderstruck” by Australian rock band AC/DC playing in the background.

well, I'm on Team Hacker now

they should have led off their manifesto with that tidbit

dang, mr ashley madison is gonna be sued into oblivion

Has anyone come up with an estimate for how many actual affairs came about through AM?

how would anyone on earth know that? jeeze

http://gawker.com/5928591/back-in-hack-computer-researcher-stumped-by-acdc-virus-at-iranian-nuclear-facilities

well, I'm on Team Hacker now

― frogbs, Wednesday, August 26, 2015 9:43 PM (22 minutes ago) Bookmark Flag Post Permalink

steady on now

it should be utterly plain that such a site would be a corrupt, exploitative sausagefest

this isn't the issue here

well, I'm on Team Hacker now

― frogbs, Wednesday, August 26, 2015 10:43 PM (33 minutes ago) Bookmark Flag Post Permalink

why? the people they attacked were the users of the site. if they gave a shit about the corrupt nature of the site owners they'd have just rendered the damn thing unusable.

so in summary most of the action anybody got was a little self tug-tug while staring at fake women.

in other words....

ARIANE

Krusty: Ooh! Sex Chat! (dials)
Voice: You've reached the Party Line! In a moment, you'll be connected to a hot party, with some of the world's most beautiful women! Now, let's join the party!
Krusty: Hello?
Man 1: Hello?
Man 2: Hello?
Apu: Are there any women here?
Krusty: Hello!?
Apu: Are you a beautiful woman?
Krusty: Do I sound like a beautiful woman?
Apu: This is not as hot a party as I anticipated.

why? the people they attacked were the users of the site. if they gave a shit about the corrupt nature of the site owners they'd have just rendered the damn thing unusable.

yeah I'm not condoning any of this I just think the AC/DC is a nice touch

Nazareth "Hair of the Dog" woulda been better

timing of this couldn't be better for Ashley Monroe's career tbh

meh...it is what it is. hacktivism will never cease to exist.

groups like cDc will continue to go against laws and the 'norm', both written and unwritten. but hopefully we can keep discussing ethics and morality more openly.

it's silly to think we can 'fix' these people or 'stop' h4x0rs

what's bizarre is people continue to do things on their machines or on the internet as if there were no trace of their actions

people in my hometown of conservative upper middle class gossip hounds are freaking out about this. I highly regret looking at the paid list. saw a bunch of friends' dads. it's quite scary that literally no data is safe. everyone has embarrassing shit buried in gchats or text. whoever compared this to a black mirror episode is otm.

When AM hit critical mass enough to get that brand recognition, every network security person I know was saying "wow, they're going to be the biggest black mail hacker target in existence."

what's bizarre is people continue to do things on their machines or on the internet as if there were no trace of their actions

^^^^^^^^

sad/screwed up that they even offered a "forget me" package for sale which they got tens of thousands of people to pay for (and obviously did not delete the data), at the very least there should be a class-action lawsuit that they lied on that one

there's already a $500+ milli class-action lawsuit happening... and apparently an AC/DC-loving suspect?

http://bits.blogs.nytimes.com/2015/08/26/security-blogger-may-have-new-lead-in-ashley-madison-hacking/?_r=0

"Yeah. But remember, we're the thunderstruck bandits. The thunderstruck bandits. T-H-U..."
http://vignette3.wikia.nocookie.net/christmasspecials/images/3/3d/Home-alone-17.jpg/revision/latest?cb=20111109000314

i don't want to discount how awesome that Thunderstruck bit is
magnificent

http://boingboing.net/2015/08/26/ashley-madison-looks-like-it-w.html

An analysis of the accounts indicates that there were 20,000,000 men active on the site and 1,492 women regularly checking messages.

makes me curious about this article - http://www.gq.com/story/ashley-madison-affair-cheating-site

lol good to see short fiction getting a platform in a big mag like GQ

http://america.aljazeera.com/opinions/2015/8/ashley-madison-users-are-getting-off-too-easy.html

lmao for sure man

waiting for this article to be written: "No females on Ashley Madison. Where women have affairs"

http://gizmodo.com/the-fembots-of-ashley-madison-1726670394?utm_content=buffer25590&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

On June 27, 2013, in an email thread with the subject line “how angels are made, ”Noel Biderman scolded some of his employees for failing to create a decent automated process for making angels:

I will tell you what the flaw is—simply listening to hourly employees complaints and then building an unmanageable system around their so called “creativity” block when all that needed to be done was to hire a group of language related individuals to manually build X number of profiles over the span of y month(s) and then have someone on the photo side add relevant and reliable images.

What has been created now is a bureaucratic convoluted nightmare of a process that not only takes longer, costs more money, involves more “management” and ultimately produces a worse product.

Over a year and half ago I approached the two of you to try to automate this system as I did not want to have a CSR level rep making mistakes that lead to transparency issues that they could not comprehend the impact of.

Our ability to productize this approach failed but this nightmare of a quagmire stops now. We just need to learn how to properly staff up for a project and then staff down ...

it was like the internet entrepreneur's fantasy turned into its opposite

lol so Biderman resigned AND his leaked emails revealed his own affairs and escort hookups.

http://a.disquscdn.com/uploads/mediaembed/images/2459/2693/original.gif

A HAHAHAHAHAHAHAHAHA

http://consumerist.com/2016/02/02/ashley-madison-offering-profile-photo-masks-rendering-users-completely-unrecognizable-to-their-loved-ones/

A HAHAHAHAHAHAHAHAHAHAHAHA

http://i.imgur.com/KzB4C0O.png

THE FUCK IS THAT.

XD

"Well, first... ok? Number one - why would anyone hack it again? I mean, they already got everyone's deets the first time, right? And two - hear me out, the second thing, see... they've got this new MASK feature turned on."

http://i.imgur.com/OTuSDB0.jpg

myspace so classic

How do they still have subscribers after revealing that all the Ashleys were fake?

i'm afraid i'll be laughing all night now

https://arstechnica.com/information-technology/2020/02/four-plus-years-later-ashley-madison-hack-is-used-in-new-extortion-scam/

In the past two weeks, researchers have detected “several hundred” emails that threaten to air those intimate details to the world unless the former subscribers’ pay a hefty fee.
“I know everything about you,” one of the emails, dated January 15, says. “I even know that you ordered some … let’s call them ‘male assistance products’ online on 12/11/2018 using your account at Bank of America N,a routing# 121000358 account# [redacted] for $75 for mailing to [redacted] CA [redacted]!” The extortionist goes on to say: “If you do not act very fast your full AMadison profile and proof of it will be shared with friends, family, and online over social media—and of course your internet orders.”

...Despite the damage done to millions of users and years of unfavorable news coverage that resulted, Ashley Madison continues to operate and even thrive by some accounts. According to a 2018 report from auditors Ernst & Young, there were 472,752 new Ashley Madison accounts registered monthly that year. A report published a year later said new registrations for 2018 totaled 5.3 million and on average there were 442,449 new Ashley Madison accounts registered each month. In this post, Ashley Madison claims to have 60 million members. The site’s tagline continues to be “Life is short. Have an affair.”

remember when this happened

I could've swore this was like 2008, not six short years ago.

so many lives ruined

i was right

.
.
.
.
right?

probably not

*wonder years narration voice*

ok someone do the final episode epilogue for the celebrity "exposure" crew who was ruined by this

its really amazing that nothing came out of this

One Douche Life To Live

oh wait one thing did my older brother (who is not married) was on it lol

As the World Douches