Ashley Madison hack fallout begins as security analysts say data dump is genuine
MORE than than 700 Australian government officials and police officers have been caught up in the Ashley Madison cheating scandal.
A breakdown of the statistics showed most heavily affected branches were the defence and education departments with 408 and 504 email addresses found respectively, according to data published online. A total of 81 email addresses were found for police officers.
Security experts say personal details of millions of users of the Ashley Madison website released by hackers appear to be genuine, as the fallout from the massive data dump begins to hit home.
TrustedSec chief executive Dave Kennedy said the information dump included full names, passwords, street addresses, credit card information and an extensive amount of internal data .
In a separate blog, Errata Security chief executive Rob Graham said the information released included details such as users height, weight and GPS coordinates. He said men outnumbered women on the service five-to-one.
Postal addresses from around Australia were also in the file, and Sydney and Melbourne made the list of the top six cities where people want to cheat.
The website dadaviz.com created a graphic that showed the cities with the most Ashley Madison accounts. Four Australian cities were on the list, with Sydney in the third spot with 251,813 accounts.
Dadaviz posted this graphic showing the 25 cities with the highest number of Ashley Madison accounts. Picture: Dadaviz.com Source: Supplied
Melbourne was at six on the list, with 213,847 accounts, then Brisbane followed at 14 with 118,857 accounts and Perth at 22 with 88,754 accounts.
It has been noted, though, that these numbers don t take population into consideration so while Toronto has a similar number of accounts to Santiago, Chile (they sit at four and five on the list), it has about half the population.
A number of websites have emerged, making it easy for people to search for their own email address to see if it is part of the Ashley Madison data dump.
A quick Google search of Ashley Madison email checker provides a sufficient list of websites created for that purpose.
Have I Been Pwned has now loaded more than 30.6 million email addresses from the scandal into its database. However, it will only share data from the leak with people who have verified their email address and registered for notifications with the service.
This means sensitive data from the leak will only be revealed to the authentic owner of the email account and to those with prying eyes.
This has sent the internet into overdrive with people sifting through the data to find users to expose.
Messages posted by hacker group Impact Team. Intimate details of sexual fantasies and personal information of Australian members of a cheating website have been released online. Source: AAP
However, a married Scottish National Party MP whose details appeared in the file has questioned the authenticity, accusing hackers of simply harvesting her personal identity.
Along with potentially millions of others, an out-of-use email address seems to have been harvested by hackers. I am not aware of or in contact with either Avid Life or Ashley Madison and look forward to finding out more about what has actually happened, mum-of-two Michelle Thompson told The Independent.
The cheating site s owner, Toronto-based Avid Life Media Inc, has previously acknowledged suffering an electronic break-in and said in a statement overnight it was investigating the hackers claim.
US and Canadian law enforcement are involved in the probe, the company said.
The prospect of millions of adulterous partners being publicly shamed drew widespread attention but the sheer size of the database and the technical savvy needed to navigate it means it s unlikely to lead to an immediate rush to divorce courts.
Unless this Ashley Madison information becomes very easily accessible and searchable, I think it is unlikely that anyone but the most paranoid or suspecting spouses will bother to seek out this information, New York divorce attorney Michael DiFalco said in an email.
There are much simpler ways to confirm their suspicions.
Hackers posted this message to Ashley Madison users. Source: Supplied
Although Mr Graham, from Errata Security, and others said many of the Ashley Madison profiles appeared to be bogus, it s clear the leak was huge.
Troy Hunt, who runs a website that warns people when their private information is exposed online, said nearly 5000 users had received alerts stemming from the breach.
Although many may have signed up out of curiosity and some have little more to fear than embarrassment, the consequences for others could reverberate beyond their marriages.
The French leak monitoring firm CybelAngel said it counted 1200 email addresses in the data dump with the .sa suffix, suggesting users were connected to Saudi Arabia, where adultery is punishable by death.
CybelAngel also said it counted some 15,000 .gov or .mil addresses in the dump, suggesting that American soldiers, sailors and government employees had opened themselves up to possible blackmail.
Other accounts have been linked to the United Nations and even the Vatican.
Using a government email to register for an adultery website may seem foolish, but CybelAngel vice president of operations Damien Damuseau said there was a certain logic to it.
Using a professional address, he said, keeps the messages out of personal accounts where their partner might see them .
It s not that dumb, Damuseau said.
How many of the people registered with Ashley Madison actually used the site to seek sex outside their marriage is an unresolved question. But whatever the final number, the breach is still a humbling moment for Ashley Madison, which had made discretion a key selling point.
In a television interview last year, chief executive Noel Biderman described the company s servers as kind of untouchable .
The hackers motives aren t entirely clear, although they have accused Ashley Madison of creating fake female profiles and of keeping users information on file even after they paid to have it deleted. In its statement, Avid Life Media accused the hackers of seeking to impose a personal notion of virtue on all of society .
Mr Graham, the security expert, had a simpler theory.
In all probability, their motivation is that 1) it s fun, and 2) because they can, he wrote.
A message posted by the hackers alongside their massive trove accused Ashley Madison s owners of deceit and incompetence and said the company had refused to bow to their demands to close the site.
Now everyone gets to see their data, the statement said.
Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you ll get over it.
Ashley Madison has long courted attention with its claim to be the internet s leading facilitator of extramarital liaisons, boasting of having nearly 39 million members and that thousands of cheating wives and cheating husbands sign up every day looking for an affair .
Getting Away With An Affair 23:37
WARNING – Graphic Content: Unfaithful men who have carried on adulterous affairs for many years describe how they managed to keep it quiet
- March 18th 2015
- 2 years ago