When the infidelity facilitator Ashley Madison was hacked last month, the site's owners swore that they would protect the leaked personal info of 37 million people by filing DMCA notices. Obviously that was never going to work in the long run, but apparently the stopgap measure did keep the data out of circulation for a month.
Ars Technica brings us the news that a 10GB data dump from the hack has been posted online. The data has been confirmed as real, and includes not just personal info on the site's users but also all sorts of interesting documents related to AM's operations:
Researchers are still poring over the unusually large dump, but already they say it includes user names, first and last names, and hashed passwords for 33 million accounts, partial credit card data, street names, and phone numbers for huge numbers of users, records documenting 9.6 million transactions, and 36 million email addresses. While much of the data is sure to correspond to anonymous burner accounts, it's a likely bet many of them belong to real people who visited the site for clandestine encounters. For what it's worth, more than 15,000 of the e-mail addresses are hosted by US government and military servers using the .gov and .mil top-level domains.
The leak also includes PayPal accounts used by Ashley Madison executives, Windows domain credentials for employees, and a large number of proprietary internal documents. Also found: huge numbers of internal documents, memos, org charts, contracts, sales techniques, and more.
The user data also included the last 4 digits of each user's credit card as well as their sexual preferences. While many of these accounts were burner accounts with untraceable personal info (anonymous emails and one-time use credit cards, for example) others like the 15,000 accounts with govt email addresses are not.
And to make matters worse, websites are popping up that allow anyone to enter a phone number or an email address and find out if it was included in the dump, thus denying Ashley Madison's victims even the option of security through obscurity.
This should be a wake up call to all services that store potentially embarrassing data, including both ebook retailers and libraries.While many people have unremarkable reading habits, there's still the potential that a leak could reveal embarrassing info.
No one who writes or reads erotica, for example, wants to have their personal info splashed across the web. And with everyone from Adobe (38 million accounts compromised in 2013 hack) and Target (70 million accounts compromised in 2013 hack) getting hacked, inferior data security is a real and present danger.
image by Alexandre Dulaunoy