For those not in the know; Ashley Madison is a site offering hook-ups for people looking to have affairs – commonly referred to as an adultery or infidelity site. Call me a prude but, personally, I find it astonishing that these types of sites even exist, let alone have proven to be so popular.
I can’t imagine a situation where personal information held in an online database could be any more sensitive. Imagine the panic then, when news of the Ashley Madison breach surfaced a little over a month ago. At that time, the hackers threatened to out all the “cheating dirtbags” they could find – that is, unless parent company Avid Life Media (ALM) shut it down along with its other hook-up sites Cougar Life and Established Men.
Weeks rolled by with no details emerging and I can only imagine the growing sense of relief felt by the millions of Ashley Madison users. Alas, for them, several days ago, their worst nightmare returned with a vengeance. A huge file – just under 10 gigabytes in size – was made available via BitTorrent. While there is nothing in the file itself to confirm that it specifically relates to Ashley Madison, a number of security researchers have provided anecdotal evidence which clearly points in that direction.
Security reporter Brian Krebs, who had initially shown some scepticism over the dump, now suggests it is genuine, publishing an update to his latest blog post in which he says:
I’ve now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database… I’m sure there are millions of AshleyMadison users who wish it weren’t so, but there is every indication this dump is the real deal.
Contained within the file are email addresses, profile descriptions, postal addresses, GPS locations, sexual preferences and weight and height details. A separate file containing credit card transaction data was also published (although it does not include card numbers or billing addresses).
A message included with the data from the Impact Team – the group allegedly behind the breach – says any consequences of the dump are on ALM, who “failed you and lied to you.” The Impact Team went on to suggest that affected users should prosecute the company and claim damages.
If this data dump is indeed genuine, which is looking more and more likely, the consequences could well be long term and far reaching. Apart from the potential affect on so many relationships, I think it’s pretty safe to assume that, among the millions of users, there would be a fair number of high profile names also subject to disclosure.
For its part, Ashley Madison says it has now bolstered its security – a bit like shutting the stable door after the horse has bolted methinks – and is continuing to investigate the breach while also appealing for help in catching those responsible.
It certainly is a mess – some might say a self inflicted mess. What do you think?