Wednesday, 19 August 2015

32 Million Users Data Ashley Madison Put Online

The attackers knew who last month at the Ashley Madison website to break in and loot that made ​​the data of millions of users have now put the data online. It involves account information and login details of around 32 million users of the website for cheaters, reports Wired.

In addition also published a list of seven years credit and payment transactions. This data consists of millions of payment transactions, including names, addresses, email addresses and amounts paid. The latter have been given four digits of the credit card. The stolen data is now distributed via Tor websites and torrent files. They can be downloaded from download sites like Rapidshare and Mega. The attackers had the data already published two days ago on Reddit, but it has now been picked up by the media.

The attackers demanded that Ashley Madison hacked the website and the website Established They were taken offline, otherwise they would make the data public. In a statement, the attackers set to Avid Life Media, the company behind Ashley Madison and Established Men, created thousands of fake profiles of women. The attackers The website also called a scam."Chances are good that you signed up for one of the largest websites for affairs, but have never had one." Victims of data theft getting the attackers advice to sue the company.

The database would be some 15,000 e-mail addresses ending in .gov and .mil. It is in this case to addresses used by the US military and government. In a statement enables Avid Life Media that does not involve hacktivism, but there is a crime.Meanwhile, the FBI would be involved in the investigation. According to the company, the attackers will eventually be caught.


Security expert Robert Graham analyzed the stolen data and says that it is more than 36 million accounts. 28 million accounts are men, while five million women had registered for the website. The other accounts could not be determined.When analyzing the credit Graham came only men took against. In addition, there are 250,000 possible deleted accounts, since the password of it was removed. The account information includes full name, email address and password hash, but also data such as height and weight.

Also, mailing address and GPS coordinates were found in the data dump from 9,7GB. "I suspect that many players from creating a fake profile, but with an app that passed their real GPS coordinates," Graham says. The passwords are hashed with bcrypt. A stronger algorithm than MD5. Yet Graham expects hackers will succeed especially many weak passwords to "crack". Users with a strong password, however, would be safe.

No comments:

Post a Comment