Ashley Madison hackers spill the beans on cheaters

By JC Torres/Aug. 18, 2015 8:37 pm EST

Proving that they mean business, Impact Team, the hackers who broke into cheating site AshleyMadison.com, made good their threat to publish personal information that they pilfered from the site if owner Avid Life Media didn't take the website down for good. Now it has exposed over 37 million names, addresses, and even indecent proposals from members of the website who made up of, as the website says, thousands of cheating wives and cheating husbands looking for an affair. Now they're probably thinking the got more than what they bargained for.

It has been nearly a month since the hacking incident. Impact Team's demands were straightforward. Avid Life Media should take down AshleyMadison and another site, EstablishedMen for young women looking for sugar daddies, permanently. Amusingly, they didn't mention CougarLife, a sister site for older women looking for younger men. To prove that they meant business, they uploaded a very small sample of the data they got.

Naturally, ALM refused to give in and instead announced that they have strengthened security and that they will remove any customer data as they are leaked. That, however, won't do much good for the data that's already in the hands of the hackers, which it has now released in bulk through an Onion address which can only be accessed through Tor. And just how much data is in this dump? 9.7 gigabytes in total. The data dump includes user names, logins, addresses, email addresses and even descriptions of what the user wants in a fantasy affair meeting. That said, AshleyMadison's sign up process doesn't authenticate email, so any email address will do. Given the nature of the site, it's also probable that subscribers don't use their real names or addresses.

Impact Team is skirting responsibility (since what they did is technically illegal) by laying the blame on Avid Life Media. Aside from the morally questionable purpose of the site, the hackers are pointing to ALM's fraudulent business practices. The site requires a $19 fee to permanently delete users' own data from the servers but the hackers claim that it isn't actually deleting them, hence the drastic measure to call attention to the issue.

Somewhat ironically, AshleyMadison is described to actually be using strong encryption to protect users' passwords, better than any recent hacking incidents which reveal that passwords are stored as plain text. That said, even if the passwords are hashed for protection, it is only a matter of time before hackers break through. And considering how most people are pretty unimaginative and careless about passwords, that is practically a key to almost every part of the user's digital life.

SOURCE: WIRED