Posted on Aug 20, 2015
Ashley Madison website hacked: Is this a good thing to call out adulterers or a violation of "privacy?"
690
0
0
It was only a matter of time.
The stolen database of 32 million people who used cheating website Ashley Madison has made its way to the Web. And it's easily searchable on several websites.
Just plug in a name or email address, and you'll find out if someone who signed up for the service.
CNNMoney is not linking to these sites directly, but they can be found via regular Web searches -- if you know exactly what to look for.
Usually, hacked data is difficult to reach or sort through. Stolen files are posted on the Dark Web (which requires a special web browser called Tor). And they're traded on file-sharing platforms (which also requires special software and clicking on dubious downloads).
But now anyone can check if his or her spouse was cheating -- just by filling out a form.
Someone has even created a custom Google Map that displays some of AshleyMadison.com users' addresses registered with the website.
Some people were idiotic enough to sign up using company and government work email addresses, making them especially easy to positively identify. Our quick review found 6,904 addresses linked to the Canadian and American governments, plus another 7,239 in the U.S. Army, 3,531 in the Navy, 1,114 Marines and 628 in the Air Force.
But it's difficult to verify the accuracy of these searching tools. But at least one tool, which searches by email address, returns accurate results. CNNMoney verified this by plugging in email addresses of users it has independently verified.
The danger of being exposed is real.
Many of the cheaters exposed in this hack serve in the U.S. military, evident because they used email addresses that end in the .mil domain. Adultery does, in fact, violate Uniform Code of Military Justice. It's a prosecutable offense that can land you a year in confinement and a dishonorable discharge.
What about people who used Ashley Madison to engage in gay affairs? The website's users were worldwide, and there are 79 countries where homosexuality is illegal. In Afghanistan, Iran, Mauritania, Nigeria, Qatar, Saudi Arabia and the United Arab Emirates, the punishment is death.
A quick search of a small subset of Ashley Madison users listed two in the United Arab Emirates. Their addresses are most likely legitimate, because they were tied to the credit card they used to pay for the service, according to one computer researcher.
This is what Tim Cook was talking about earlier this year when he said we don't live in a post-privacy world. Absolute privacy of data still matters.
The Ashley Madison hack includes customer names, credit card data, physical addresses and sexual preferences. Some users were smart enough to use fake names. But financial data is legitimate. And in total, the data makes it easy to hunt someone down.
This information is incredibly revealing. For example, the database shows if a person was listed as a married "male seeking male" with a "someone I can teach" sexual fantasy looking for a "boy next door." Or an "attached female seeking male" with a "spanking" fantasy seeking "a Don Juan."
The listed sexual fantasies range from master/slave relationships to cross dressing and exhibitionism.
This hack proves that you need to exercise extreme caution if you're going to share your deepest, darkest secrets. Using your real name or payment information is a hazard. No website is impenetrable. Few websites practice good security standards. Even major American banks use second-rate security.
AshleyMadison.com had it even worse. As a hive of cheaters, it has long been the antagonist of betrayed spouses. It was an inevitable target for hackers. And the company behind the website, Avid Life Media, knew it couldn't protect user data.
That's why, in the fine print, Ashley Madison says, "We cannot ensure the security or privacy of information you provide through the Internet." Compare that to the lofty promise it makes on the website front door for "100% discreet service."
http://money.cnn.com/2015/08/19/technology/ashley-madison-search/index.html
The stolen database of 32 million people who used cheating website Ashley Madison has made its way to the Web. And it's easily searchable on several websites.
Just plug in a name or email address, and you'll find out if someone who signed up for the service.
CNNMoney is not linking to these sites directly, but they can be found via regular Web searches -- if you know exactly what to look for.
Usually, hacked data is difficult to reach or sort through. Stolen files are posted on the Dark Web (which requires a special web browser called Tor). And they're traded on file-sharing platforms (which also requires special software and clicking on dubious downloads).
But now anyone can check if his or her spouse was cheating -- just by filling out a form.
Someone has even created a custom Google Map that displays some of AshleyMadison.com users' addresses registered with the website.
Some people were idiotic enough to sign up using company and government work email addresses, making them especially easy to positively identify. Our quick review found 6,904 addresses linked to the Canadian and American governments, plus another 7,239 in the U.S. Army, 3,531 in the Navy, 1,114 Marines and 628 in the Air Force.
But it's difficult to verify the accuracy of these searching tools. But at least one tool, which searches by email address, returns accurate results. CNNMoney verified this by plugging in email addresses of users it has independently verified.
The danger of being exposed is real.
Many of the cheaters exposed in this hack serve in the U.S. military, evident because they used email addresses that end in the .mil domain. Adultery does, in fact, violate Uniform Code of Military Justice. It's a prosecutable offense that can land you a year in confinement and a dishonorable discharge.
What about people who used Ashley Madison to engage in gay affairs? The website's users were worldwide, and there are 79 countries where homosexuality is illegal. In Afghanistan, Iran, Mauritania, Nigeria, Qatar, Saudi Arabia and the United Arab Emirates, the punishment is death.
A quick search of a small subset of Ashley Madison users listed two in the United Arab Emirates. Their addresses are most likely legitimate, because they were tied to the credit card they used to pay for the service, according to one computer researcher.
This is what Tim Cook was talking about earlier this year when he said we don't live in a post-privacy world. Absolute privacy of data still matters.
The Ashley Madison hack includes customer names, credit card data, physical addresses and sexual preferences. Some users were smart enough to use fake names. But financial data is legitimate. And in total, the data makes it easy to hunt someone down.
This information is incredibly revealing. For example, the database shows if a person was listed as a married "male seeking male" with a "someone I can teach" sexual fantasy looking for a "boy next door." Or an "attached female seeking male" with a "spanking" fantasy seeking "a Don Juan."
The listed sexual fantasies range from master/slave relationships to cross dressing and exhibitionism.
This hack proves that you need to exercise extreme caution if you're going to share your deepest, darkest secrets. Using your real name or payment information is a hazard. No website is impenetrable. Few websites practice good security standards. Even major American banks use second-rate security.
AshleyMadison.com had it even worse. As a hive of cheaters, it has long been the antagonist of betrayed spouses. It was an inevitable target for hackers. And the company behind the website, Avid Life Media, knew it couldn't protect user data.
That's why, in the fine print, Ashley Madison says, "We cannot ensure the security or privacy of information you provide through the Internet." Compare that to the lofty promise it makes on the website front door for "100% discreet service."
http://money.cnn.com/2015/08/19/technology/ashley-madison-search/index.html
Adultery
Privacy
Hacking
Spouses
Edited >1 y ago
Posted >1 y ago
This is a duplicate discussion and the contents have been merged with the original discussion. Click below to see more on this topic...
So 15,000 accounts are linked to .mil or .gov email addresses. I wonder if anyone will data mine these addresses and look into any violations of UCMJ. It would be hard to prove, for sure.
What would you do if you knew one of your subordinates or leaders had one of these accounts?
--
Hackers claimed Tuesday to have leaked personal data of millions of people that was stolen in a cyberattack on the parent company of Ashley Madison, an online dating site aimed at people who wish to have extramarital affairs.
WIRED reported that a group called the Impact Team, who claimed responsibility for last month's hack, posted 9.7 gigabytes of stolen user data on the so-called "dark web," a reference to a part of the Internet that can only be accessed through a specialized browser.
According to WIRED, the leaked data includes customer names, login details, street and e-mail addresses, and details of transactions that date as far back as 2007. However, WIRED reported that the data does not appear to include full credit card numbers. In all, approximately 32 million accounts at Ashley Madison and Established Men, a site aimed at women looking to date wealthy men, are believed to be affected.
It is not clear how much of the data belongs to real customers or are from fake, so-called "burner" accounts. However, WIRED reported that approximately 15,000 leaked e-mail addresses use .gov and .mil domains, meaning that they are hosted by U.S. government and military servers.
Toronto-based Avid Life Media, Inc., the parent company of both websites, said in a statement obtained by the Associated Press that it was aware of the group's claim and was investigating.
"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner," the company said, accusing the hackers of seeking to impose "a personal notion of virtue on all of society."
Security analysts who examined the leaked data said they believed the information dump to be genuine. Brian Krebs, a former Washington Post reporter who writes a blog on computer security and broke news of the initial hack last month, reported that he had spoken to three sources who reported finding their last names and credit card information in the database.
The hack was made public July 20, the day after Krebs' initial report was posted online. The Impact Team demanded at the time that Avid Life Media shut down Ashley Madison and Established Men. The group claimed to have targeted the company over its alleged fraudulent business practices, saying that Ashley Madison and Established Men's "full delete" tool does not remove users’ personal information for a one-time $19 fee, as promised by the sites.
"Shutting down AM and EM will cost you, but non-compliance will cost you more," a statement warned. "We will release all customer records, profiles with all the customers’ secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails."
WIRED reported that the Impact Team introduced the new data dump with a statement titled "Time's Up!"
"Avid Life Media has failed to shut down Ashley Madison and Established Men," the statement read. "We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
The statement continued: "Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit [sic]; 90-95% of actual users are male. Chances are your man signed up on the world's biggest affair site, but never had one. He just tried to. If that distinction matters.
"Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends," the statement concludes. "Embarrassing now, but you'll get over it."
http://www.foxnews.com/tech/2015/08/19/hackers-say-theyve-posted-data-adultery-website-ashley-madison-users-online/?intcmp=hpbt3
What would you do if you knew one of your subordinates or leaders had one of these accounts?
--
Hackers claimed Tuesday to have leaked personal data of millions of people that was stolen in a cyberattack on the parent company of Ashley Madison, an online dating site aimed at people who wish to have extramarital affairs.
WIRED reported that a group called the Impact Team, who claimed responsibility for last month's hack, posted 9.7 gigabytes of stolen user data on the so-called "dark web," a reference to a part of the Internet that can only be accessed through a specialized browser.
According to WIRED, the leaked data includes customer names, login details, street and e-mail addresses, and details of transactions that date as far back as 2007. However, WIRED reported that the data does not appear to include full credit card numbers. In all, approximately 32 million accounts at Ashley Madison and Established Men, a site aimed at women looking to date wealthy men, are believed to be affected.
It is not clear how much of the data belongs to real customers or are from fake, so-called "burner" accounts. However, WIRED reported that approximately 15,000 leaked e-mail addresses use .gov and .mil domains, meaning that they are hosted by U.S. government and military servers.
Toronto-based Avid Life Media, Inc., the parent company of both websites, said in a statement obtained by the Associated Press that it was aware of the group's claim and was investigating.
"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner," the company said, accusing the hackers of seeking to impose "a personal notion of virtue on all of society."
Security analysts who examined the leaked data said they believed the information dump to be genuine. Brian Krebs, a former Washington Post reporter who writes a blog on computer security and broke news of the initial hack last month, reported that he had spoken to three sources who reported finding their last names and credit card information in the database.
The hack was made public July 20, the day after Krebs' initial report was posted online. The Impact Team demanded at the time that Avid Life Media shut down Ashley Madison and Established Men. The group claimed to have targeted the company over its alleged fraudulent business practices, saying that Ashley Madison and Established Men's "full delete" tool does not remove users’ personal information for a one-time $19 fee, as promised by the sites.
"Shutting down AM and EM will cost you, but non-compliance will cost you more," a statement warned. "We will release all customer records, profiles with all the customers’ secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails."
WIRED reported that the Impact Team introduced the new data dump with a statement titled "Time's Up!"
"Avid Life Media has failed to shut down Ashley Madison and Established Men," the statement read. "We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
The statement continued: "Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit [sic]; 90-95% of actual users are male. Chances are your man signed up on the world's biggest affair site, but never had one. He just tried to. If that distinction matters.
"Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends," the statement concludes. "Embarrassing now, but you'll get over it."
http://www.foxnews.com/tech/2015/08/19/hackers-say-theyve-posted-data-adultery-website-ashley-madison-users-online/?intcmp=hpbt3
Read This Next
Continue with Facebook 
Continue with Google