Hackers Offer Up Second Ashley Madison Dump of Cheating Spouses

The Ashley Madison debacle just keeps getting bigger: Blackmail campaigns have already started and a second data dump has exposed even more records.

Plus, Josh Duggar, one of the ultra-Christian reality stars of “19 Kids and Counting” and confessed child molester, has been exposed as even more of a total hypocrite than he was already known to be.

Hackers in July said that they had stolen 37 million records for customers of Ashley Madison, the online “dating” website for married people looking to have an affair. The information includes "all the customers' secret sexual fantasies and matching credit card transactions,” the perpetrators said.

The hackers, who call themselves The Impact Team, said they planned to release real names, profiles, nude photos, credit card details and "secret sexual fantasies” unless the site was shut down.

Ashley Madison, which carries the tagline, “Life is short. Have an affair” is only one of a few “niche” offerings from Canada-based Avid Media. It also runs sugar-daddy site Established Men, and CougarLife, which caters to women looking for "a young stud” and younger men who would like to play that part. The hackers apparently have no issue with the latter…but said that they also want Established Men shut down.

And now, a month later, they have apparently made good on the threat.

The second dump included emails sent by Noel Biderman, founder and chief executive officer of the site’s Toronto-based parent company, Avid Life Media. Biderman had previously floated the idea that the first dump may not be real.

In a message accompanying the release, the hackers said: "Hey Noel, you can admit it's real now."

“The attackers appear to want to expose and shame the company, ostensibly to push the company toward shutting down two of their most profitable properties,” said Ken Westin, security analyst at Tripwire, in an email. “One of their primary goals of this attack seems to be to embarrass and shame the company’s executives. Unfortunately, the exposure of the users of the site is just collateral damage. 

He added, “Today’s additional release of data, particularly the CEO’s emails, reveals just how deep the breach was and how much of Ashley Madison’s infrastructure was compromised. It also seems reminiscent of the Sony breach which also appeared to have personal attack overtones.”

The fallout has been considerable already—in addition to the aforementioned extortion efforts, the US Defense Department and Postal Service is also investigating the alleged use of military and other government email accounts on the site.

And, lawyers have launched a class-action lawsuit seeking some $760 million in damages on behalf of Canadians whose information was leaked.

According to Fortscale CEO Idan Tendler, all signs indicate that the hackers had access to the network for a while.

“The sheer volume of data that has been accessed and revealed suggests a substantial amount of time the Impact Team had to survey the ALM network before slowly siphoning away the data,” he said in an email. “Once a hacker has obtained legitimate user credentials, it’s game over. Without proper monitoring and visibility, a hacker can potentially lurk on a network for months snooping around for the ‘crown jewels.’ This is the kind of activity that preceded other devastating hacks like Target and OPM.”

What’s Hot on Infosecurity Magazine?