Page 1 of 2 12 LastLast
Results 1 to 10 of 18
  1. #1
    Join Date
    May 2004
    Location
    Philadelphia, PA
    Posts
    7,558

    Default Online Cheating Site Ashley Madison Hacked

    By Brian Krebs

    Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company's user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is “Life is short. Have an affair.”



    The data released by the hacker or hackers — which go by the name The Impact Team — includes sensitive internal data stolen from Avid Life Media (ALM), the Toronto-based firm that owns AshleyMadison as well as related hookup sites Cougar Life and Established Men.

    Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman confirmed the hack, and said the company was “working diligently and feverishly” to take down ALM’s intellectual property. Indeed, in the short span of 30 minutes between that brief interview and the publication of this story, several of the Impact Team’s Web links were no longer responding.

    “We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”

    Besides snippets of account data apparently sampled at random from among some 40 million users across ALM’s trio of properties, the hackers leaked maps of internal company servers, employee network account information, company bank account data and salary information.

    The compromise comes less than two months after intruders stole and leaked online user data on millions of accounts from hookup site AdultFriendFinder.

    In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.

    According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.

    “Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

    Their demands continue:

    “Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”


    A snippet of the message left behind by the Impact Team.

    It’s unclear how much of the AshleyMadison user account data has been posted online. For now, it appears the hackers have published a relatively small percentage of AshleyMadison user account data and are planning to publish more for each day the company stays online.

    “Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

    ALM CEO Biderman declined to discuss specifics of the company’s investigation, which he characterized as ongoing and fast-moving. But he did suggest that the incident may have been the work of someone who at least at one time had legitimate, inside access to the company’s networks — perhaps a former employee or contractor.

    “We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”

    As if to support this theory, the message left behind by the attackers gives something of a shout out to ALM’s director of security.

    “Our one apology is to Mark Steele (Director of Security),” the manifesto reads. “You did everything you could, but nothing you could have done could have stopped this.”

    Several of the leaked internal documents indicate ALM was hyper aware of the risks of a data breach. In a Microsoft Excel document that apparently served as a questionnaire for employees about challenges and risks facing the company, employees were asked “In what area would you hate to see something go wrong?”

    Trevor Stokes, ALM’s chief technology officer, put his worst fears on the table: “Security,” he wrote. “I would hate to see our systems hacked and/or the leak of personal information.”

    In the wake of the AdultFriendFinder breach, many wondered whether AshleyMadison would be next. As the Wall Street Journal noted in a May 2015 brief titled “Risky Business for AshleyMadison.com,” the company had voiced plans for an initial public offering in London later this year with the hope of raising as much as $200 million.

    “Given the breach at AdultFriendFinder, investors will have to think of hack attacks as a risk factor,” the WSJ wrote. “And given its business’s reliance on confidentiality, prospective AshleyMadison investors should hope it has sufficiently, er, girded its loins.”

    The Hackmaster
    dlevere's blog

  2. Likes 47iscool liked this post
  3. #2
    Join Date
    Jul 2002
    Posts
    2,598

    Default

    Yup, sounds like alot of married couples are gonna have a bad day. Websites like this shouldn't exist anyway.

  4. #3
    Join Date
    May 2004
    Location
    Philadelphia, PA
    Posts
    7,558

    Default Hacked data from Ashley Madison cheating site is posted

    By Greg Toppo

    Computer hackers who breached AshleyMadison.com, a dating website that targets married people, are reportedly beginning to share the site's user data online.

    The hackers uploaded 9.7 gigabytes of data on Tuesday that appear to include member account details and log-ins for the social networking site, which exhorts prospective users, "Life is short. Have an affair."

    WIRED magazine reported on Tuesday that credit card and other payment information are also part of the data dump.

    AshleyMadison.com's owners claimed nearly 40 million users for the site and two related sites at the time of the breach last month.

    WIRED reported that the data released by hackers included names, addresses and phone numbers submitted by users, though it said a sampling of the data indicated that users "likely provided random numbers and addresses."

    The data also included descriptions of what members were seeking: "I'm looking for someone who isn't happy at home or just bored and looking for some excitement," one member wrote. "I love it when I'm called and told I have 15 minutes to get to someplace where I'll be greeted at the door with a surprise — maybe lingerie, nakedness."

    In a statement issued Tuesday, the site's owner, Avid Life Media, said its investigation into the breach is still ongoing and that it is "actively monitoring and investigating this situation to determine the validity of any information posted online." The company said it would "continue to devote significant resources to this effort."

    The statement continued: "This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society."

    The hackers, who call themselves the Impact Team, demanded that Avid Life Media take down the site as well as the companion site EstablishedMen.com, which "promises to connect beautiful young women with rich sugar daddies."

    The hackers didn't target CougarLife.com, a sister site that promises to connect older women with younger men.

    The Hackmaster
    dlevere's blog

  5. #4
    Join Date
    Jul 2002
    Posts
    2,598

    Default

    I read somewhere else that 90-95 percent of the users are male and many of the womens profiles on it are bots. So likely the men on it tried to have a affair but couldn't.

  6. #5
    Join Date
    May 2004
    Location
    Philadelphia, PA
    Posts
    7,558

    Default Extortionists Target Ashley Madison Users

    By Brian Krebs

    People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters get posted online for anyone to download — as is the case with the recent hack of infidelity hookup site AshleyMadison.com — random blackmailers are bound to pounce on the opportunity.


    An extortion email sent to an AshleyMadison user.

    According to security firms and to a review of several emails shared with this author, extortionists already see easy pickings in the leaked AshleyMadison user database.

    Earlier today I heard from Rick Romero, the information technology manager at VF IT Services, an email provider based in Milwaukee. Romero said he’s been building spam filters to block outgoing extortion attempts against others from rogue users of his email service. Here’s one that he blocked this morning (I added a link to the bitcoin address in the message, which shows nobody has paid into this particular wallet yet):
    Hello,

    Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.

    If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address:

    1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez link added

    Sending the wrong amount means I won’t know it’s you who paid.

    You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here...
    The individual who received that extortion attempt — an AshleyMadison user who agreed to speak about the attack on condition that only his first name be used — said he’s “loosely concerned” about future extortion attacks, but not especially this one in particular.

    “If I put myself in [the extortionist’s] shoes, the likelihood of them disclosing stuff doesn’t increase their chance of getting money,” said Mac. “I just not going to respond.”

    Mac says he’s more worried about targeted extortion attacks. A few years ago, he met a woman via AshleyMadison and connected both physically and emotionally with the woman, who is married and has children. A father of several children who’s been married for more than 10 years, Mac said his life would be “incredibly disrupted” if extortionists made good on their threats.

    Mac said he used a prepaid card to pay for his subscription at AshleyMadison.com, but that the billing address for the prepaid ties back to his home address.

    “So they have my home billing address and first and last name, so it would be relatively easy for them to get my home records and figure out who I am,” Mac said. “I’ll accept the consequences if this does get disclosed, but obviously I’d rather not have that happen because my wife and I are both very happy in our marriage.”

    Unfortunately, the extortion attempts like the one against Mac are likely to increase in number, sophistication and targeting, says Tom Kellerman, chief cyber security officer at Trend Micro.

    Kellerman is convinced we’ll see criminals leveraging the AshleyMadison data to conduct spear-phishing attacks aimed at delivering malicious software such as ransomware, a different type of extortion threat that locks the victim’s most treasured files with a secret encryption key unless and until the victim pays a ransom (also in Bitcoins).

    “There is going to be a dramatic crime wave of these types of virtual shakedowns, and they’ll evolve into spear-phishing campaigns that leverage crypto malware,” Kellerman said. “The same criminals who enjoy deploying ransomware would love to use this data.”

    The leaked AshleyMadison data could also be useful for extorting U.S. military personnel and potentially stealing U.S. government secrets, experts fear. Some 15,000 email addresses ending in dot-mil (the top-level domain for the U.S. military) were included in the leaked AshleyMadison database, and this has top military officials just a tad concerned.

    According to The Hill, the U.S. Defense Secretary Ash Carter said in his daily briefing Thursday that the DoD is investigating the leak.

    “I’m aware of it, of course it’s an issue, because conduct is very important,” Carter told reporters at the briefing, The Hill reported. The publication notes that adultery in the military is a prosecutable offense under Article 134 of the Uniform Code of Military Justice.

    Maximum punishment includes dishonorable discharge, forfeiture of all pay and allowances, and confinement for one year. As such, Carter told reporters that service members found to have used adultery website Ashley Madison could face disciplinary action.

    Kellerman said attacks against military personnel who used AshleyMadison may well target spouses of people whose information is included in the database — all in a bid to infect the spouse as a way to eventually steal information from the real target (the cheating military husband or wife).

    “Something must already be going on for [the Secretary of Defense] to actually have a press conference on that,” Kellerman said. “We may actually see spear-phishing campaigns against spouses of individuals who are involved in this, attacks that say, ‘Hey, your wife or husband was involved in this site, do you want to see proof of that?’

    And the proof, in this scenario, would be a a booby-trapped attachment that deploys spyware or malware.

    Mac, who’s not a military man, says he doesn’t regret the affair he had via AshleyMadison; his only regret is not finding a way to keep his home address out of his records on the site.

    “I regret using my home address and some of my personal information that AshleyMadison didn’t take as good care of as they should have,” he said. “But I really, I’m mad these hackers feel it’s so important to force the hand of people that have a different outlook on life.”

    The AshleyMadison data is leaked on various sites, but the data itself is not easily searchable by folks who aren’t familiar with raw database files. However, several sites have since popped up that allow anyone to search by email address to find if that address had an account at AshleyMadison.com. True, AshleyMadison.com did not always verify email addresses, but some of these AshleyMadison search services coming online will indicate whether the associated email address also has a payment record — a marker which could be useful to extortionists.
    Last edited by dlevere; 08-23-2015 at 07:55:16 AM.

    The Hackmaster
    dlevere's blog

  7. #6
    Join Date
    May 2004
    Location
    Philadelphia, PA
    Posts
    7,558

    Default

    Last edited by dlevere; 08-24-2015 at 03:16:57 PM.

    The Hackmaster
    dlevere's blog

  8. #7
    Join Date
    May 2004
    Location
    Philadelphia, PA
    Posts
    7,558

  9. #8
    Join Date
    May 2004
    Location
    Philadelphia, PA
    Posts
    7,558

  10. #9
    Join Date
    Mar 2007
    Posts
    1,544

    Default

    The massive quantity of people on this doesn't surprise me. If it weren't for religion having appeared to scare people into place, I always wondered why people weren't just a bunch of swingers capable of separating emotion and sex. Most people I encounter definitely seem like they would like to be if nobody cared enough to make a big deal of it around them, so many just resort to secrecy. I almost never see lasting relationships around me because of this. Seems like somebody somewhere always gets caught cheating, and that's the end most of the time except for a few people around me who went from temporary rage to both just admitting they want to bang everyone so they basically do and they're still together. Not sure if I live around the "norm" or not, but people I encounter seem like 99% swingers in denial due to religion and social/cultural stigma.

    Years from now, maybe some day there will start being swingers parades in between all of the LBGT pride parades.
    Last edited by bungholio; 08-24-2015 at 10:41:05 PM.

  11. #10
    Join Date
    May 2004
    Location
    Philadelphia, PA
    Posts
    7,558

    Question

    I watch Cheaters and the Maury Show sometimes. I still can't figure out how all of the men on Maury get caught cheating in that green room with the sexy decoy.

    The Hackmaster
    dlevere's blog

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Android 4.2 Cheating
    By Cibomatto2002 in forum Miscellaneous Game Hacking
    Replies: 7
    Last Post: 06-28-2017, 04:46:44 PM
  2. GTA V Hacking, Modding, And Cheating
    By dlevere in forum Hacking Scene News
    Replies: 0
    Last Post: 09-29-2013, 06:24:24 AM
  3. Apple developer site hacked
    By dlevere in forum The Lounge
    Replies: 3
    Last Post: 08-10-2013, 01:02:08 PM
  4. How Do You Detect Cheating In Chess?
    By dlevere in forum The Lounge
    Replies: 0
    Last Post: 01-16-2013, 04:13:46 AM
  5. question for visualboy advance version hacked in you site gamehacking.org
    By michellefland in forum Under Constuction/To Be Added
    Replies: 16
    Last Post: 08-25-2012, 02:13:50 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •