19th July 2015.
Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is “Life is short. Have an affair.”
http://krebsonsecurity.com/wp-content/uploads/2015/07/ashleymadison-580x370.png
The data released by the hacker or hackers — which go by the name The Impact Team — includes sensitive internal data stolen from Avid Life Media (ALM), the Toronto-based firm that owns AshleyMadison as well as related hookup sites Cougar Life and Established Men.
Full Article
+54And the e-mails will be going striaght to there business/work accounts LOL
That didn't take long LOL. But a lot of them might as well not pay ... if they were among the foolish that used an email address their spouse knows about, there is a pretty good chance they are going to be busted anyway for free 🙂
The following article is a update:
***********************************
Ex-Tory bigwig Damian Green has got caught up in the hack of AshleyMadison.com after it emerged a private email address seemingly linked to him was found on the site for love rats.
The former Minister for Police and Criminal Justice has denied ever using the website, and said he could not remember if the aol.com address used to create an account was his.
The married MP for Ashford, said: “I don’t know anything about this. It’s nothing to do with me,” he told The Mirror. He added, “I have never registered for an account with Ashley Madison.”
“I don’t know who has used this account. I’ve had so many email accounts over the years. I may have had an aol address many years ago,” said Green.
full article
***********************************
Ashley Madison hack - Tory MP Green denies registering account.
By: 22 Aug 2015 at 12:33, Paul KunertEx-Tory bigwig Damian Green has got caught up in the hack of AshleyMadison.com after it emerged a private email address seemingly linked to him was found on the site for love rats.
The former Minister for Police and Criminal Justice has denied ever using the website, and said he could not remember if the aol.com address used to create an account was his.
The married MP for Ashford, said: “I don’t know anything about this. It’s nothing to do with me,” he told The Mirror. He added, “I have never registered for an account with Ashley Madison.”
“I don’t know who has used this account. I’ve had so many email accounts over the years. I may have had an aol address many years ago,” said Green.
full article
The following is a on going update:
***************************************
US Defense Secretary Ashton Carter has said the military will investigate email addresses signed up to the Ashley Madison website to determine if improper conduct has taken place.
Military.com reports Carter saying "Yes, the services are looking into it, as well they should be. Of course it's an issue because conduct is very important."
Adultery is considered an offense under the US Uniform Code of Military Justice and is punishable by anything from a black mark on one's record to dishonorable dismissal from the services. Traditionally women have had a tougher time of it under military courts, but given the sex imbalance of the website, it'll be enlisted men who bear the brunt of any investigation.
This is the first time a member of the federal government has commented on the implications of the hack, which saw the details of 36 million users of the website published online by a group calling itself the Impact Team.
full article
***************************************
US military says it will discipline Ashley Madison users.
By: 21 Aug 2015 at 23:03, Iain ThomsonUS Defense Secretary Ashton Carter has said the military will investigate email addresses signed up to the Ashley Madison website to determine if improper conduct has taken place.
Military.com reports Carter saying "Yes, the services are looking into it, as well they should be. Of course it's an issue because conduct is very important."
Adultery is considered an offense under the US Uniform Code of Military Justice and is punishable by anything from a black mark on one's record to dishonorable dismissal from the services. Traditionally women have had a tougher time of it under military courts, but given the sex imbalance of the website, it'll be enlisted men who bear the brunt of any investigation.
This is the first time a member of the federal government has commented on the implications of the hack, which saw the details of 36 million users of the website published online by a group calling itself the Impact Team.
full article
1 person likes this
The following article another update:
*****************************************
http://krebsonsecurity.com/wp-content/uploads/2015/08/ashmadext.pngAn extortion email sent to an AshleyMadison user.
According to security firms and to a review of several emails shared with this author, extortionists already see easy pickings in the leaked AshleyMadison user database.
Earlier today I heard from Rick Romero, the information technology manager at VF IT Services, an email provider based in Milwaukee. Romero said he’s been building spam filters to block outgoing extortion attempts against others from rogue users of his email service. Here’s one that he blocked this morning (I added a link to the bitcoin address in the message, which shows nobody has paid into this particular wallet yet):
full articlce
*****************************************
Extortionists Target Ashley Madison Users
People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters get posted online for anyone to download — as is the case with the recent hack of infidelity hookup site AshleyMadison.com — random blackmailers are bound to pounce on the opportunity.http://krebsonsecurity.com/wp-content/uploads/2015/08/ashmadext.pngAn extortion email sent to an AshleyMadison user.
According to security firms and to a review of several emails shared with this author, extortionists already see easy pickings in the leaked AshleyMadison user database.
Earlier today I heard from Rick Romero, the information technology manager at VF IT Services, an email provider based in Milwaukee. Romero said he’s been building spam filters to block outgoing extortion attempts against others from rogue users of his email service. Here’s one that he blocked this morning (I added a link to the bitcoin address in the message, which shows nobody has paid into this particular wallet yet):
full articlce
The following article is a on going update:
**********************************************
The hacking group behind the Ashley Madison breach compared the affair-seeking website to "a drug dealer abusing addicts" in an email exchange threatening to carry out more attacks.
In the exchange published Friday by Vice Media's Motherboard website, the group calling itself The Impact Team said that hacking Ashley Madison was easy because "nobody was watching" and the site had "no security."
Motherboard said it contacted the group through "an intermediary" and verified the group's PGP signature used for encrypting messaging.
In the exchange, the hacker group said Ashley Madison and its parent company Avid Life Media were facilitating human trafficking and other abuses.
"We watched Ashley Madison signups growing and human trafficking on the sites," the group said. "Avid Life Media is like a drug dealer abusing addicts."
The group, which leaked nearly 30 gigabytes of files including names and credit card data of users, and source code for the websites, said it had far more data, saying it included "300GB of employee emails and docs from internal network."
full article
**********************************************
Ashley Madison Hackers Vow More Attacks: Report.
By AFP on August 22, 2015The hacking group behind the Ashley Madison breach compared the affair-seeking website to "a drug dealer abusing addicts" in an email exchange threatening to carry out more attacks.
In the exchange published Friday by Vice Media's Motherboard website, the group calling itself The Impact Team said that hacking Ashley Madison was easy because "nobody was watching" and the site had "no security."
Motherboard said it contacted the group through "an intermediary" and verified the group's PGP signature used for encrypting messaging.
In the exchange, the hacker group said Ashley Madison and its parent company Avid Life Media were facilitating human trafficking and other abuses.
"We watched Ashley Madison signups growing and human trafficking on the sites," the group said. "Avid Life Media is like a drug dealer abusing addicts."
The group, which leaked nearly 30 gigabytes of files including names and credit card data of users, and source code for the websites, said it had far more data, saying it included "300GB of employee emails and docs from internal network."
full article
Well, I don't approve of the illegal means they are using, but I can understand why. People don't realize, when they view porn, or get involved in sites like this, the "web" gets very big. i.e., the connections to the sex slave industry grows, wether or not people think they are on a "safe" site. Every click puts money someplace. The question is, where do you want your money to go?
The following article is a on going update:
***********************************************
Part of the near-inevitable wash-up from the Ashley Madison hack has begun, with people reporting getting e-mails offering to save them from embarrassment, and a possible suicide in the USA.
The misery caused by the hack is already in evidence in this report of a San Antonio city employee named in the Ashley Madison database committing suicide (the report notes that at this stage authorities are noting the association but not positively attributing the suicide to the exposure).
According to both Reddit and a Tweet from 0x1C, one of the companies that made the Ashley Madison data searchable last week, Trustify, is sending “you were on the database” e-mails.
The e-mail says – as The Register feared would happen – that Trustify is capturing searches made against its data:
“You or someone you know recently used our search tool to see if your email address was compromised in the Ashley Madison leak, and we confirmed that your details were exposed”, the message states.
The message then goes on to offer to “hide the exposed details” – but only if the recipient of the message makes contact with Trustify.
full article
***********************************************
Ashley Madison spam starts, as leak linked to first suicide.
23 Aug 2015 at 23:48, Richard ChirgwinPart of the near-inevitable wash-up from the Ashley Madison hack has begun, with people reporting getting e-mails offering to save them from embarrassment, and a possible suicide in the USA.
The misery caused by the hack is already in evidence in this report of a San Antonio city employee named in the Ashley Madison database committing suicide (the report notes that at this stage authorities are noting the association but not positively attributing the suicide to the exposure).
According to both Reddit and a Tweet from 0x1C, one of the companies that made the Ashley Madison data searchable last week, Trustify, is sending “you were on the database” e-mails.
The e-mail says – as The Register feared would happen – that Trustify is capturing searches made against its data:
“You or someone you know recently used our search tool to see if your email address was compromised in the Ashley Madison leak, and we confirmed that your details were exposed”, the message states.
The message then goes on to offer to “hide the exposed details” – but only if the recipient of the message makes contact with Trustify.
full article
+56Article on the social impact of the breach, written buy a guy who hosts a lookup site for people who want to know if they are on the list:
http://www.troyhunt.com/2015/08/heres-what-ashley-madison-members-have.html?m=1
http://www.troyhunt.com/2015/08/heres-what-ashley-madison-members-have.html?m=1
+56They're now offering a $500k reward:
http://arstechnica.com/security/2015/08/ashley-madison-offers-500000-reward-amid-reports-of-member-suicides/
http://arstechnica.com/security/2015/08/ashley-madison-offers-500000-reward-amid-reports-of-member-suicides/
1 person likes this
The following article is a on going update:
**********************************************
Hacked online cheating service AshleyMadison.com is portraying itself as a victim of malicious cybercriminals, but leaked emails from the company’s CEO suggests that AshleyMadison’s top leadership hacked into a competing dating service in 2012.
Late last week, the Impact Team — the hacking group that has claimed responsibility for leaking personal data on more than 30 million AshleyMadison users — released a 30-gigabyte archive that it said were emails lifted from AshleyMadison CEO Noel Biderman.
A review of those missives shows that on at least one occasion, a former company executive hacked another dating website, exfiltrating their entire user database. On Nov. 30, 2012, Raja Bhatia, the founding chief technology officer of AshleyMadison.com, sent a message to Biderman notifying his boss of a security hole discovered in nerve.com, an American online magazine dedicated to sexual topics, relationships and culture.
Krebs on Security
**********************************************
Leaked AshleyMadison Emails Suggest Execs Hacked Competitors
Hacked online cheating service AshleyMadison.com is portraying itself as a victim of malicious cybercriminals, but leaked emails from the company’s CEO suggests that AshleyMadison’s top leadership hacked into a competing dating service in 2012.
Late last week, the Impact Team — the hacking group that has claimed responsibility for leaking personal data on more than 30 million AshleyMadison users — released a 30-gigabyte archive that it said were emails lifted from AshleyMadison CEO Noel Biderman.
A review of those missives shows that on at least one occasion, a former company executive hacked another dating website, exfiltrating their entire user database. On Nov. 30, 2012, Raja Bhatia, the founding chief technology officer of AshleyMadison.com, sent a message to Biderman notifying his boss of a security hole discovered in nerve.com, an American online magazine dedicated to sexual topics, relationships and culture.
Krebs on Security
1 person likes this
The following article is a on going update:
**********************************************
A small Washington, D.C.-based startup accused of crude marketing centered around the Ashley Madison data breach said Monday it is changing its tactics amid criticism.
Trustify, a 10-person company that launched in March, runs a Web-based service for connecting people with private investigators for $67 an hour.
Last week, it created an online tool that lets people check if their email address was in the large dump of stolen user information from the extramarital hookup site.
The tool was one of many that were created after hackers released information on more than 30 million registered users of the website, one of the largest and most sensitive data breaches on record.
Trustify's approach rubbed some people the wrong way. The tool allowed people to enter an email address, and the site returned an answer on whether the address was part of the breach.
full article
**********************************************
Startup takes heat over online tool that checks Ashley Madison data.
By Jeremy KirkA small Washington, D.C.-based startup accused of crude marketing centered around the Ashley Madison data breach said Monday it is changing its tactics amid criticism.
Trustify, a 10-person company that launched in March, runs a Web-based service for connecting people with private investigators for $67 an hour.
Last week, it created an online tool that lets people check if their email address was in the large dump of stolen user information from the extramarital hookup site.
The tool was one of many that were created after hackers released information on more than 30 million registered users of the website, one of the largest and most sensitive data breaches on record.
Trustify's approach rubbed some people the wrong way. The tool allowed people to enter an email address, and the site returned an answer on whether the address was part of the breach.
full article
The following article is a on going update:
Legal pressure on Ashley Madison and its parent company is picking up with more class-action lawsuits filed this week in the U.S. against the extramarital hookup site, alleging its negligence in protecting confidential user data.
Suits filed in federal courts in California and Texas -- by people using John Doe as a pseudonym -- claim for damages, alleging that Avid Life Media, the parent company based in Toronto, did not have adequate and reasonable measures to secure the data of users from being compromised, and failed to notify users in time of the breach.
Avid Life Media said it had been made aware of an attack on its systems. Hacker group Impact Team released data last week that it claimed it had obtained from the website.
full article
Ashley Madison hauled to court in class action suits over data breach
By John RibeiroLegal pressure on Ashley Madison and its parent company is picking up with more class-action lawsuits filed this week in the U.S. against the extramarital hookup site, alleging its negligence in protecting confidential user data.
Suits filed in federal courts in California and Texas -- by people using John Doe as a pseudonym -- claim for damages, alleging that Avid Life Media, the parent company based in Toronto, did not have adequate and reasonable measures to secure the data of users from being compromised, and failed to notify users in time of the breach.
Avid Life Media said it had been made aware of an attack on its systems. Hacker group Impact Team released data last week that it claimed it had obtained from the website.
full article
1 person likes this
+56Someone is cracking the password hashes by brute force and dictionary attacks:
http://motherboard.vice.com/read/someone-cracked-4000-ashley-madison-passwords-and-loads-of-them-are-awful
TL;DR - if you reused (weak) passwords from your Ashley Madison account, time to change them all to something else.
http://motherboard.vice.com/read/someone-cracked-4000-ashley-madison-passwords-and-loads-of-them-are-awful
TL;DR - if you reused (weak) passwords from your Ashley Madison account, time to change them all to something else.
+56The Register did a comparison of what information is left behind for an Ashley Madison account that a user would have paid $19 to have the full delete option. Turns out that most of the identifying information is left behind, including email address, DOB and others. See the full comparison here:
http://www.theregister.co.uk/2015/08/25/us_class_action_ashley_madison/
http://www.theregister.co.uk/2015/08/25/us_class_action_ashley_madison/
The following article is a on going update:
**********************************************
AshleyMadison.com, a site that helps married people cheat and whose slogan is “Life is Short, have an Affair,” recently put up a half million (Canadian) dollar bounty for information leading to the arrest and prosecution of the Impact Team — the name chosen by the hacker(s) who recently leaked data on more than 30 million Ashley Madison users. Here is the first of likely several posts examining individuals who appear to be closely connected to this attack.
http://krebsonsecurity.com/wp-content/uploads/2015/08/zu-launchpad-july-20-580x455.pngIt was just past midnight on July 20, a few hours after I’d published an exclusive story about hackers breaking into AshleyMadison.com. I was getting ready to turn in for the evening when I spotted a re-tweet from a Twitter user named Thadeus Zu (@deuszu) who’d just posted a link to the same cache of data that had been confidentially shared with me by the Impact Team via the contact form on my site just hours earlier: It was a link to the proprietary source code for Ashley Madison’s service.
Krebs On Security
**********************************************
Who Hacked Ashley Madison?
AshleyMadison.com, a site that helps married people cheat and whose slogan is “Life is Short, have an Affair,” recently put up a half million (Canadian) dollar bounty for information leading to the arrest and prosecution of the Impact Team — the name chosen by the hacker(s) who recently leaked data on more than 30 million Ashley Madison users. Here is the first of likely several posts examining individuals who appear to be closely connected to this attack.
http://krebsonsecurity.com/wp-content/uploads/2015/08/zu-launchpad-july-20-580x455.pngIt was just past midnight on July 20, a few hours after I’d published an exclusive story about hackers breaking into AshleyMadison.com. I was getting ready to turn in for the evening when I spotted a re-tweet from a Twitter user named Thadeus Zu (@deuszu) who’d just posted a link to the same cache of data that had been confidentially shared with me by the Impact Team via the contact form on my site just hours earlier: It was a link to the proprietary source code for Ashley Madison’s service.
Krebs On Security
+56Wow, I saw Krebs tweeting yesterday that he had a bombshell announcement, and he definitely delivered!
+56The CEO has stepped down in the wake of the scandal:
http://www.forbes.com/sites/thomasbrewster/2015/08/28/ashley-madison-ceo-steps-down-after-catastrophic-attack/
http://www.forbes.com/sites/thomasbrewster/2015/08/28/ashley-madison-ceo-steps-down-after-catastrophic-attack/
1 person likes this
<sarcasm> What a surprise. </sarcasm>
Would have been only a matter of time before a pink slip arrived though... , no company will go through that without having to replace. They do have to TRY to save the company, though there may be nothing that will do that.
Would have been only a matter of time before a pink slip arrived though... , no company will go through that without having to replace. They do have to TRY to save the company, though there may be nothing that will do that.
The following article is a on going update:
*********************************************
The CEO of embattled Avid Life Media, the firm that operates the infidelity website AshleyMadison.com, stepped down today, according to the Canadian company.
"Effective today, Noel Biderman, in mutual agreement with the company, is stepping down as Chief Executive Officer of Avid Life Media Inc., and is no longer with the company," a statement by the company said Friday.
Ashley Madison, which admitted a massive data breach last week, is a website that caters to people seeking partners for extramarital affairs.
"This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees," added Avid Life Media's statement on Biderman's departure.
full article
*********************************************
CEO out at Ashley Madison parent firm after massive hack.
By Gregg KeizerThe CEO of embattled Avid Life Media, the firm that operates the infidelity website AshleyMadison.com, stepped down today, according to the Canadian company.
"Effective today, Noel Biderman, in mutual agreement with the company, is stepping down as Chief Executive Officer of Avid Life Media Inc., and is no longer with the company," a statement by the company said Friday.
Ashley Madison, which admitted a massive data breach last week, is a website that caters to people seeking partners for extramarital affairs.
"This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees," added Avid Life Media's statement on Biderman's departure.
full article
1 person likes this
The following article is a on going update:
**********************************************
37 million people were registered to online dating site Ashley Madison before it got hacked. Intimate details about millions of users were exposed to the world. Embarrassment, million-dollar lawsuits, bounties on hacker heads and alleged suicides soon followed.
The media took full advantage of the juicy story, of course. But journalists aren’t the only ones. Scammers also paid attention, targeting those impacted by the breach with alarming and impressively coherent scam messages, Bitdefender antispam researchers found. Beware of extortion attempts, don’t exchange your security and wallet for fake promises or written threats!
Here are the most alarming Ashley Madison spam emails you should ignore, for your own safety:
The email, written in perfect English, claims a hacker has personal information on you, the victim and asks for 1 Bitcoin to refrain from sharing it to all your Facebook friends
full article
**********************************************
Ashley Madison Scams: Extremely Convincing and Dangerous.
By: Alexandra Gheorghe37 million people were registered to online dating site Ashley Madison before it got hacked. Intimate details about millions of users were exposed to the world. Embarrassment, million-dollar lawsuits, bounties on hacker heads and alleged suicides soon followed.
The media took full advantage of the juicy story, of course. But journalists aren’t the only ones. Scammers also paid attention, targeting those impacted by the breach with alarming and impressively coherent scam messages, Bitdefender antispam researchers found. Beware of extortion attempts, don’t exchange your security and wallet for fake promises or written threats!
Here are the most alarming Ashley Madison spam emails you should ignore, for your own safety:
The email, written in perfect English, claims a hacker has personal information on you, the victim and asks for 1 Bitcoin to refrain from sharing it to all your Facebook friends
full article
The following article is a on going update:
***********************************************
Ashley Madison-themed blackmail, data deletion scams hitting inboxes
Posted on 01 September 2015.In the wake of the Ashley Madison hack and consequent data leaks, blackmailers and scammers are doing their best to extract as much money and information as it's possible from the panicking users of the popular cheating site.
Trend Micro researchers have spotted several variants of ransom-demanding emails impersonating either Ashley Madison, Impact Team (the hackers), Team GrayFlay (as far as we known, a non existing entity) or no one in particular - all requesting specific amounts of money in bitcoins to be paid in order for their family and friends not to be informed of the matter, or for their information not to be released in a "final leak" (click on the screenshot to enlarge it): full article
***********************************************
Ashley Madison-themed blackmail, data deletion scams hitting inboxes
Posted on 01 September 2015.In the wake of the Ashley Madison hack and consequent data leaks, blackmailers and scammers are doing their best to extract as much money and information as it's possible from the panicking users of the popular cheating site.
Trend Micro researchers have spotted several variants of ransom-demanding emails impersonating either Ashley Madison, Impact Team (the hackers), Team GrayFlay (as far as we known, a non existing entity) or no one in particular - all requesting specific amounts of money in bitcoins to be paid in order for their family and friends not to be informed of the matter, or for their information not to be released in a "final leak" (click on the screenshot to enlarge it): full article
1 person likes this
The following article is a on going article
*********************************************
If you're a company that makes its own websites and applications, make sure your developers don't do what the Ashley Madison coders did: store sensitive credentials like database passwords, API secrets, authentication tokens or SSL private keys in source code repositories.
Judging by the massive amount of data leaked last month by Impact Team from AshleyMadison.com's owner Avid Life Media (ALM), the hackers gained extensive access to the Canadian company's IT infrastructure.
full article
*********************************************
Credentials stored in Ashley Madison's source code might have helped attackers.
http://images.techhive.com/images/idgnsImport/2015/08/id-2956933-digitalkey1-100600829-orig.jpg Digital key Credit: IDGNSThe company's developers were careless with sensitive credentials like database passwords, secret keys, and authentication tokens, a security consultant found.
If you're a company that makes its own websites and applications, make sure your developers don't do what the Ashley Madison coders did: store sensitive credentials like database passwords, API secrets, authentication tokens or SSL private keys in source code repositories.
Judging by the massive amount of data leaked last month by Impact Team from AshleyMadison.com's owner Avid Life Media (ALM), the hackers gained extensive access to the Canadian company's IT infrastructure.
full article
+54Graham Cluley | December 14, 2015
And, as we know, internet low-lives have been exploiting members' fears by spamming out blackmail emails.
But, it appears, that blackmailers are also prepared to take things a step further - and write letters to the homes of hacked users.
Here is an email I received from a reader today:
Full Article
And, as we know, internet low-lives have been exploiting members' fears by spamming out blackmail emails.
But, it appears, that blackmailers are also prepared to take things a step further - and write letters to the homes of hacked users.
Here is an email I received from a reader today:
Full Article
+54Life is short, have a quick buck
By Simon Sharwood, APAC Editor 17 Jul 2017 Dating site for cheaters Ashley Madison has thrown US$11.2 million on the bed to make its 2015 data leak go away.The site, which used the slogan “Life is short, have an affair”, was infamously hacked in 2015, lost millions of users' records, prompting a denial from Conservative MP listed in the trove and prompting face-palms-a-plenty from infosec experts who quickly found basic security mistakes on the site.
Full Article.
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.