Ashley Madison


WHY ARE WE STILL TALKING ABOUT THIS?

Holy crap this Ashley Madison hack is still blowing up. I thought it would just be another hack, couple of days will pass and everybody will have forgotten all about it. Nope! Checked Google Trends before logging in tonight and it’s still number 1 trending search topic. So what exactly is going on?

THE WHAT

Here’s the quick rundown of what’s going on: AshleyMadison.com was a dating site for cheaters. Tired of your partner? Cheat on them with someone else who’s also tired of their partner. Their slogan? “Life is short, have an affair.” I’m not going to pass judgement over the morality of the website… there’s enough of that going on elsewhere on the internet. (PROTIP: Read the comments. On second thought… don’t.)

Last month, the website got hacked by a group of hackers going by the name of Impact Team and data from over 37 million accounts was stolen and then leaked. This data includes user data, emails, internal ALM (Avid Life Media, the parent company of Ashley Madison) documents, and a limited list of user passwords. The hackers released this statement after the initial attack:

“Too bad for those men, they’re cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

This was over a month ago. Last Tuesday (18 August), Impact Team released another data dump. Yesterday (19 August) they released yet another one. More on that in “Why Is This Still A Thing?”.

THE HOW

My research on how the hack was done unfortunately turned up nothing. Well, not nothing… yesterday’s data dump contained a file aptly called “Areas of concern – customer data.docx” written by an unnamed employee inside the company. The file contains various technical concerns ranging from SQL injection vulnerabilities to remote code execution.

I guess somebody didn’t listen.

WHY IS THIS STILL A THING?

Yesterday’s dump contained 9.7GB worth of compressed text files and you can easily see why this is still blowing up once you see what kind of damage this leak is doing. Divorce lawyers literally can’t keep up with the demand. Every curious or suspicious spouse in America is currently scouring the data dumps looking for their partner’s email, name, anything. Huffpost reports:

“I think therapists are probably getting bombarded first,” said Jacqueline Newman, a managing partner at Berkman Bottger Newman & Rodd. “I’m sure it will trickle down.”

Meanwhile, among the very long list of emails dumped, 10,000 belong to government officials registered with their work email, including members of the NSA and DOJ.

Classy as always.

And today’s number 1 trending topic in relation to Ashley Madison? Josh Duggar, of 19 Kids and Counting fame, had a paid account on Ashley Madison. Why is that a big deal, you ask? Well, because he’s the executive director of the Family Research Council, a lobbying group with this mission statement plastered on their website:

Family Research Council’s mission is to advance faith, family and freedom in public policy and the culture from a Christian worldview.

According to yesterday’s leak, Josh Duggar was interested in the following:

“Conventional Sex,” “Experimenting with Sex Toys,” “One-Night Stands,” “Open to Experimentation,” “Gentleness,” “Good With Your Hands,” “Sensual Massage,” “Extended Foreplay/Teasing,” “Bubble Bath for 2,” “Likes to Give Oral Sex,” “Likes to Receive Oral Sex,” “Someone I Can Teach,” “Someone Who Can Teach Me,” “Kissing,” “Cuddling & Hugging,” “Sharing Fantasies,” “Sex Talk.”

If for some odd reason you’re interested in finding out more about Josh Duggar’s sexual interests as revealed by the leak, there’s more info here.

PASSWORD DUMP

This is always fun. When these hacks and leaks happen, most hackers release a list of commonly used passwords. Erik Cabetas from IncludeSecurity.com ran a “light” analysis on the files dumped and figured out the most common passwords. Here they are in all their easily-guessed, completely useless glory. Some are NSFW, obviously.

[Image: Ashley Madison most common passwords]

Really, guys? “123456” and “password” are still the most commonly used passwords? Well, at least “pussy” isn’t something you generally see on these lists. The rest though? Nothing new.

If one of these is a password you use, for the love of God, get off this blog and go change it! Like, right now!

NO END IN SIGHT

As long as Impact Team continues to release data this thing is going to continue trending. With each data dump there’s a big reveal and people are eating it up. Or getting divorced. This time it was Josh Duggar and the 10,000 government emails. Who knows what the next leak will contain?


Amante Reale

I'm a freelance writer specializing in tech, gadgets, security, cryptography and cryptocurrency. Warning: I am armed with very strong opinions and I'm not afraid to use them. Hire me!