By Joseph D. McClendon
Ashley Madison, the online dating service for people who are already dating, married, or otherwise involved in a relationship with another person, was breached last month under threat of that data being publically dumped if the website was not shut down. Impact Team, the group responsible for the attack, had already released a small part of the data downloaded from the Ashley Madison servers on July 15 but had remained mum on when it would leak the remainder of the account information if Avid Life Media, owner of Ashley Madison and sister site Established Men, did not take down both websites.
On August 18, just over 30 days after the breach was announced, Impact Team released a 10 gigabyte dump of compressed data through Bittorrent and the Tor network. The dump includes nearly 33 million accounts, 36 million e-mail addresses, and personal information that includes names, street addresses, phone numbers, and (partial) credit card numbers. The dump also includes “a full domain dump of corporate passwords (NTLM hashes) of the Windows domain of the company, PayPal accounts and passwords for the company, [and] internal only documents.” Falsified and fake data dumps have been put online since the July breach, but the inclusion of sensitive and proprietary internal documents in yesterday’s dump, such as org charts and server infrastructure, indicates that the user account information in this leak is real.
Avid Life Media has not released any new information about the source of the July breach or how it was compromised.