The saga continues with regards to the Ashley Madison ongoing hack debacle. Hackers made good on their threat to release all of the Ashley Madison cheater database information yesterday, and everyone is reacting. The release was made available on a .onion darknet site, and is now available on bittorrent (keep reading for the link and instructions).
Ashley Madison Email Checkers
First things first. About 36 million people are really nervous. If you’re one of them, you can use one of the following sites to check and see if your data was compromised. Or, you can check up on other people by entering an email address.
I would warn you that although these are supposed to be checking real databases, its also probable that they are building a database of every email being checked. I would.
If you don’t trust them, but you happen to be handy with a database and you have a HUGE amount of bandwidth, you can download Bittorrent, and then get the full compressed 9.6GB database leak to analyze yourself.
Where and How to Get the Ashley Madison Database
- Download and install Bittorrent.
- AFTER installing it, click on this link to add the Ashley Madison Torrent to your downloads.
- Select a suitable download location, and then wait. It’s going to take a while.
- In case you are unfamiliar with Bittorrent, be aware that while you are downloading parts from all over the place, you are also uploading parts to others simultaneously.
Once you have the file, you will need to uncompress it. It will be nearly 36GB in total. Very few text editors will read it, however you can download the free EmEditor to open the files with ease on Windows or HexFiend on Mac.
An Analysis of the Ashley Madison Data
Here are things we know about the data so far.
- 33 million accounts and user personal information have leaked
- 36 million email addresses have leaked
- Passwords were fortunately encrypted, so risk is minimized.
- The leak contains the names, street addresses, email addresses, phone number and credit card transactions of nearly 33 million accounts along with valid Credit Card info.
- The data was taken on July, 11 2015
- 28-million men vs 5 million woman, according to the “gender” field in the database (with 2-million undetermined).
- 15,000 of the e-mail addresses are hosted by US government and military servers using the .gov and .mil top-level domains
- Credit-card transactions appear to be predominantly male names.
- Full account information is contained including name, email, password hash, dating information, height, weight, addresses, and GPS coordinates.
- This means even if you used a fake name, your GPS location may have been shared by an app.
- Hackers will be able to “crack” many of the passwords when users chose weak ones, but strong passwords are safe.
- Approximately 250,000 deleted accounts appear to have the password removed.
- Partial credit card transaction data, but not the full credit card number, is present along with full names and addresses.
- Employees at companies such as Amazon, Boeing and Sony; governments agencies in the UK, Canada and France; defence contractors like Raytheon and BAE Systems; and banks including JP Morgan, Bank of America and Citigroup, IBM, institutions such as the Catholic church and universities including Harvard and Yale.
Contents of the Ashley Madison Data Dump
There were a number of files released, the contents of which are summarized here:
This file contains the GPG public key to check that all files were created by the author and *not* modified by some third party.
The readme file contains the following text:
_______ _____ __ __ ______ _ _ _ _____ _
|__ __|_ _| \/ | ____( ) | | | | __ \| |
| | | | | \ / | |__ |/ ___ | | | | |__) | |
| | | | | |\/| | __| / __| | | | | ___/| |
| | _| |_| | | | |____ \__ \ | |__| | | |_|
|_| |_____|_| |_|______| |___/ \____/|_| (_)
Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.
Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.
Any data not signed with key 6E50 3F39 BA6A EAAD D81D ECFF 2437 3CD5 74AB AA38 is fake.
Contains ALL credit card transactions from the past 7 years including names, street address, amount paid and email address of every transaction.
Contains 32 million user first/last names, street address, phone numbers, relationship status, preferences and personal data such as if they drink, smoke, what their their security question is, date of birth, nickname, and more.
Contains administrative documents.
Additional personal data.
Contains 36 million email addresses.
Physical description: eyes color, weight, height, hair color, body type, “ethnicity”, and more.
Contains more than 30 million usernames + hashed passwords. The passwords are hashed with the bcrypt algorithm which makes a global attack on the password very unlikely.
- Spammers have now begun attempting to extort money from victims of the leak, exactly as I previously predicted.
- Two suicides in Canada have been allegedly linked to the AshleyMadison information release. Names have not been disclosed.
- Police have set up a Twitter account, @AMCaseTPS, and hashtag, #AMCaseTPS, in a bid to gather information about the hack from members of the public.
- A class action lawsuit has been filed in the U.S. District Court, Central District of California No. 15-cv-06405
Got Any More Info?
If you’ve got any additional info, drop it in the comments below and share with the rest of us. 😉