Aug 19, 2015 11:44 PM
Hackers expose millions on cheating site; some in US govt
The Associated Press
LONDON (AP) Hackers say they have exposed unfaithful partners across the world, posting what they said were the personal details of millions of people registered with cheating website Ashley Madison.
A message posted by the hackers alongside their massive trove accused Ashley Madison's owners of deceit and incompetence and said the company had refused to bow to their demands to close the site.
"Now everyone gets to see their data," the statement said.
Ashley Madison has long courted attention with its claim to be the Internet's leading facilitator of extramarital liaisons, boasting of having nearly 39 million members and that "thousands of cheating wives and cheating husbands sign up every day looking for an affair."
Its owner, Toronto-based Avid Life Media Inc., has previously acknowledged suffering an electronic break-in and said in a statement Tuesday it was investigating the hackers' claim. U.S. and Canadian law enforcement are involved in the probe, the company said.
The Associated Press wasn't immediately able to determine the authenticity of the leaked files, although many analysts who have scanned the data believe it is genuine.
TrustedSec Chief Executive Dave Kennedy said the information dump included full names, passwords, street addresses, credit card information and "an extensive amount of internal data." In a separate blog, Errata Security Chief Executive Rob Graham said the information released included details such as users' height, weight and GPS coordinates. He said men outnumbered women on the service five-to-one.
Avid Life Media declined to comment Wednesday beyond its statement. The hackers also didn't immediately return emails.
The prospect of millions of adulterous partners being publicly shamed drew widespread attention but the sheer size of the database and the technical savvy needed to navigate it means it's unlikely to lead to an immediate rush to divorce courts.
"Unless this Ashley Madison information becomes very easily accessible and searchable, I think it is unlikely that anyone but the most paranoid or suspecting spouses will bother to seek out this information," New York divorce attorney Michael DiFalco said in an email. "There are much simpler ways to confirm their suspicions."
Although Graham and others said many of the Ashley Madison profiles appeared to be bogus, it's clear the leak was huge. Troy Hunt, who runs a website that warns people when their private information is exposed online, said nearly 5,000 users had received alerts stemming from the breach.
Although many may have signed up out of curiosity and some have little more to fear than embarrassment, the consequences for others could reverberate beyond their marriages. The French leak monitoring firm CybelAngel said it counted 1,200 email addresses in the data dump with the .sa suffix, suggesting users were connected to Saudi Arabia, where adultery is punishable by death.
CybelAngel also said it counted some 15,000 .gov or .mil addresses in the dump, suggesting that American soldiers, sailors and government employees had opened themselves up to possible blackmail. Using a government email to register for an adultery website may seem foolish, but CybelAngel Vice President of Operations Damien Damuseau said there was a certain logic to it. Using a professional address, he said, keeps the messages out of personal accounts "where their partner might see them."
"It's not that dumb," Damuseau said.
How many of the people registered with Ashley Madison actually used the site to seek sex outside their marriage is an unresolved question. But whatever the final number, the breach is still a humbling moment for Ashley Madison, which had made discretion a key selling point. In a television interview last year, Chief Executive Noel Biderman described the company's servers as "kind of untouchable."
The hackers' motives aren't entirely clear, although they have accused Ashley Madison of creating fake female profiles and of keeping users' information on file even after they paid to have it deleted. In its statement, Avid Life Media accused the hackers of seeking to impose "a personal notion of virtue on all of society."
Graham, the security expert, had a simpler theory.
"In all probability, their motivation is that #1 it's fun, and #2 because they can," he wrote.
Technology Writer Bree Fowler in New York contributed to this report.
Raphael Satter can be reached at: http://raphae.li