Ashley Madison hack: Live updates as ‘UK Government email addresses’ in data … – Telegraph.co.uk
Who’s admitting to using Ashley Madison?
Admitting to infidelity might still be the last thing most people would want to do in public.
But an analysis of what social media users are saying has shown the number of people disclosing they are a member of the site has increased 20 times since the hack was revealed last month (and their posts are usually “coupled with excuses”).
This graph shows how the data was analysed by the social intelligence and analytics company Brandwatch:
— Brandwatch (@Brandwatch)
August 19, 2015
‘Our servers are kind of untouchable’
Whatever the final numbers of Ashley Madison users affected by the data hack, the breach is a humbling moment for the parent firm Avid Life Media.
It has made discretion a key selling point and, in a television interview last year, Chief Executive Noel Biderman described the company’s servers as “kind of untouchable”.
Credit card ‘still valid and in daily use’
According to the Quartz website – which claims to have downloaded the data from the Dark Web – the slew of information reveals several million individual credit card transactions that went to Ashley Madison.
They are each said to show the name of the person involved, their address, the last four digits of their credit card number and the amount paid.
One researcher even claims to have found that a listed credit card is “still valid” and in “daily use”:
AM breach: credit card listed in breach is *STILL VALID* and in “daily” use. AMEX/VISA/MC has got work to do now…. cc @DavidGoldmanCNN
— Per Thorsheim (@thorsheim)
August 18, 2015
Ashley Madison users ‘find their card details’
Although there was earlier some scepticism about if the Ashley Madison leak was genuine, investigators are now beginning to agree it is real.
At least three “vouched sources” have reported finding their personal information and last four digits of their credit card numbers in the leaked database, according to the Krebs on Security website.
‘Never put anything online you wouldn’t be happy to see on your gran’s coffee table’
Internet users – and businesses – should go back to basics when it comes to protect their data, according to the WatchGuard internet security firm. Corey Nachreiner, chief technology officer, said:
Businesses should assume they have already been compromised when putting security in place since you can never have perfect defence. Organisations must implement discovery-and-response tools so that they can immediately see and handle the incidents that get past their gates.
“It is a reminder that cyber criminals may be hacktivists with social agendas who want to disrupt day-to-day business or organised criminal groups going after your customers’ financial or personal data – or in this case, both.
“At the route of these exploits, I am reminded of the advice I regularly give to kids. At a very basic level, do not put anything online you wouldn’t be happy to see on the front page of news on your grandmother’s coffee table. The internet is forever, no matter who you trust with your data.”
Divorce lawyers: Some husbands will be nervous
For anyone whose partner discovers they have signed up to adulterers’ site Ashley Madison, it could be the final straw for couples who will be forced into difficult conversations, according to divorce lawyers. Elizabeth Hicks, a partner and specialist divorce lawyer at Irwin Mitchell, said:
With 1.2m Britons apparently affected by the data leak, 95 per cent of whom are reportedly male, there will no doubt be a few nervous husbands sat round the dinner table tonight.
“While being on the list is obviously not proof of an affair, it is likely to erode the trust in the relationship. Many people are often ‘caught out’ chatting to other partners via social media and this is essentially an extension of that.
“For people who are already sensing cracks building in their relationship this could prove to be the final straw and force couples to have a difficult conversation that they may have been putting off for a while. Often it is the simple fact that their partner is thinking about an affair, not that they have had an actual affair, that worries partners most.
“Once a relationship has got to this stage it can be difficult to regain the trust. An emotional attachment to someone, as opposed to a physical attachment such as a one night stand, can be harder to forgive.”
How jealous spouses become private detectives
As millions of Ashley Madison users’ details are leaked online, one private investigator tells Sophie Curtis how technology is helping people catch out their errant partners.
Mobile phones, in particular, can easily be turned into spying devices – thanks to their built-in cameras, microphones and GPS chips.
According to private investigator Richard Martinez, a simple piece of software can allow a jealous spouse to monitor all their partner’s movements, texts, emails and calls. Read the full interview here.
For anyone just joining us, here’s a recap of what we know so far about the Ashley Madison hack today…
A major investigation is under way after hackers claimed to have released the personal details of up to 32 million users of the Ashley Madison adultery website.
The site, which has the tagline “Life is short. Have an affair”, was hacked last month by a group calling itself The Impact Team.
Hackers are now said to have fulfilled their threat and dumped 9.7 gigabytes of data – including card, account details and log-ins – on the Dark Web, which is only accessible by a covert internet browser.
Among the email addresses are many work accounts, including thousands of those used by government workers – more than 100 of them said to belong to UK Government workers.
However, it is unclear if members provided legitimate details as it is possible to create an Ashley Madison account using someone else’s name and email.
The hack is understood to be a protest over the charging of a leavers’ fee to users to completely delete all their data. Avid Life Media, which runs Ashley Madison as well as dating sites Cougar Life and Established Men, branded the hackers “criminals” as it said it is investigating the latest claims.
Stay with us for the latest updates throughout the day.
How can this be stopped from happening again?
Dave Palmer, director of technology at cyber security firm Darktrace, offers this insight into the ongoing security threat Ashley Madison – and other companies – face:
It means embracing an ‘immune system’ approach which is going to highlight the emerging signs of compromise, before damage is done – and abandoning the illusion that you can block all threat.
“Avid Life Media are right to say that no online asset is safe today. They now need to work out how they stop it happening again.”
‘Leak could lead to compromise of online banking’
The online bank accounts of Ashley Madison users involved in the data hack could also be comprimised, according to James Maude, senior security engineer at Avecto:
A hidden danger here is the amount of data now out there and the impact this could have on areas such as national security, government policy and law enforcement.
“At first glance, it may look like the Ashley Madison data leak will cause nothing more than embarrassment. But this type of sensitive personal information can be used by criminals to generate serious leverage against an individual, when combined with details released from other attacks.
“Although the password for the accounts were stored in a way which makes wholesale decryption unlikely, it is entirely possible that a targeted attack on an individual account could crack the password.
“This could lead to the compromise of other accounts such as online banking or emails if a shared password was used.”
Scramble to create searchable database
After the Ashley Madison hackers dumped a 9.7 gigabyte file of data – containing details of an estimated 32 millions users – on the Dark Web, internet users have been looking through the slew of information.
But as it is stored in what is described as the “underground of the internet”, the data requires the use of a covert internet browser called TOR.
And now it has sparked a scramble on the internet to create a searchable database of all those named.
One internet user who claimed to have created a searchable database reportedly saw their website crash within minutes of going live earlier today.
A history of high-profile hacks
Cyber attacks on high-profile brands are becoming more common. Here’s a quick reminder of the biggest hacks in the last 12 months alone:
How are people reacting on Twitter?
As the Ashley Madison hack threatens to wreak strife in relationships across the globe, Helena Horton has been looking at the reaction on social media.
Most kind-hearted Twitter users feel for the marriages of potentially millions of people who signed up to the site – and of course their partners.
But others have been less sympathetic with their responses and have had a go at humour:
Please don’t tweet any of my information from the Ashley Madison leak. My wives will be devastated.
— Ed Jefferson (@edjeff)
August 18, 2015
the people named in the Ashley Madison hack deserve to be exposed for their participation in the disgusting ritual of sexual intercourse
— Virgil Texas (@virgiltexas)
August 19, 2015
Cromwell was my Ashley Madison. He got hacked too. #EerieParallels
— Henry Tudor (@KngHnryVIII)
August 19, 2015
Do you feel sorry for the Ashley Madison victims?
More than 100 UK Government email addresses
The Telegraph understands that around 150 UK Government email addresses are included in the data dump said to have been made by the Ashley Madison hackers.
But it’s worth remembering that it is not clear of members of the adulterers’ site provided legitimate details – and it is possible to create an Ashley Madison account using someone else’s name and email.
‘Users vulnerable to blackmail – and even suicide’
Many members of Ashley Madison will be feeling uncomfortable and vulnerable to blackmail – and even suicide, according to a high-profile security researcher. Graham Cluley writes on his website:
Chances are that many people who are members of the Ashley Madison website will feel uncomfortable with their boss, friends, partner or mother-in-law knowing about it. So they probably won’t be happy if the leaked database is genuine.
“It’s easy to imagine that some people might be vulnerable to blackmail, if they don’t want details of their membership or sexual proclivities to become public.
“Others might find the thought that their membership of the site – even if they never met anyone in real life, and never had an affair – too much to bear, and there could be genuine casualties as a result. And yes, I mean suicide.”
‘Life is short. Have a divorce’
Among the thousands of people using the #AshleyMadison hashtag on Twitter are those who took no time in repurposing the company’s “Life is short. Have an affair” slogan…
Life is short. Have a protracted divorce case. #Ashleymadison
— Mario in Green (@4EverPlayer2)
August 19, 2015
New #AshleyMadison slogan: “Life is short. We’ll help you get a divorce.”
— BNCNB (@JawbreakerNOLA)
August 19, 2015
LOL! Life is short, have a divorce. #AshleyMadison
— . (@burrohazard)
August 19, 2015
‘Thousands of UK Government email addresses in leaked data’
Within hours of the 9.7 gigabytes of data – including account details and log-ins for an estimated 32 millions users – being released on the Dark Web, details have begun appearing on other sites as people decrypt the database.
Among the email addresses are many work accounts – including scores of .gov.uk accounts used by UK Government workers, according to the CSO internet security website.
Others are said to appear to include email addresses linked to some of the world’s biggest banks, civil servants in America and even those with United Nations and Vatican email addresses.
However, it is unclear if members provided legitimate details and it is possible to create an Ashley Madison account using someone else’s name and email.
According to Wired.com, a sampling of the data indicates that users most likely provided random numbers and addresses – but files containing credit card transactions could yield real names and addresses.
‘This will destroy lives of innocent people’
Our ignorance of the internet will lead to more than heartbreak, says Rupert Myers. You can read his full piece here.
“Never before in history have we created the means by which one or two people could infiltrate privacy.
“A string of code can unpick lies the world over. Keystrokes can reveal our most intimate thoughts, dreams, and fears.”
Usernames, card details and sexual fantasies
The data released on the Dark Web reportedly includes AshleyMadison.com usernames, sexual fantasies and credit card details.
According to the Ars Technica website, the data dumped on the Dark Web contains titles including ‘aminno_member_email.dump.gz,’ ‘CreditCardTransactions7z,’ and ‘member_details.dump.gz’.
Why was Ashley Madison hacked?
The hack is understood to be a protest over the charging of a leavers’ fee to users to completely delete all their data.
The Impact Team said the erasing of personal information is a “complete lie”, and claimed that details such as real name and address are never deleted – information the hackers suggest is likely to be “the most important” that users want removed.
What is the Dark Web?
The data has been dumped on the Dark Web, which cannot be accessed with the usual search engines such as Google, instead requiring the use of a covert internet browser called TOR.
It is described as the “underground of the internet” or the “internet black market”.
‘This is an act of criminality’
Avid Life Media (ALM), which runs Ashley Madison as well as dating sites Cougar Life and Established Men, said it is investigating the latest claims “to determine the validity of any information posted online”. In a statement, ALM said:
Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.
“This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities.
“The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.
“We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully co-operate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.”
‘This isn’t cyber terrorism. It’s cyber vigilantism’
Identifying customers on Ashley Madison, which uses the slogan “Life is short. Have an affair,” could have far-reaching consequences for people.
“These guys want as much notoriety as possible. This isn’t cyber terrorism. It’s cyber vigilantism,” said Ajay K. Sood, General Manager for Canada of cyber security firm FireEye Inc.
Still the dump was massive, according to Troy Hunt, a Microsoft security expert, who said more than one million unique email addresses were attached to payment records.
Tech website Wired said 9.7 gigabytes of data was posted, and appeared to include member account and credit card details.
“Avid Life Media has failed to take down Ashley Madison and Established Men,” Wired quoted Impact Team as saying in a statement accompanying the online dump.
“We have explained the fraud, deceit, and stupidity of ALM (Avid Life Media) and their members. Now everyone gets to see their data,” the hackers said, according to Wired.
Data released onto dark web
The hackers who call themselves The Impact Team released a huge cache of data containing customer information, including email addresses and credit card details on the Dark Web.
The hackers have appointed themselves as “the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society,” Avid Line Media said in its statement. “These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives,” it said.
The hackers, who call themselves The Impact Team, leaked snippets of the compromised data in July and threatened to publish names and salacious details of as many as 37 million customers unless Ashley Madison and EstablishedMen.com, another site owned by Toronto-based parent company Avid Life Media, were taken down.
While other higher-profile attacks such as those on big companies, like Sony Pictures Entertainment and Target, have seen credit card data of customers stolen, this attack appeared to confirm that the hackers were not driven by blackmail or commercial motives, but rather ideological ones.
Details of more than million users dumped online
A mountain of data containing the details of more than a million individuals who have used the infidelity website AshleyMadison.com has been dumped on the internet.
As tech websites reported that the hackers had gone ahead with their threat to publish material that will endanger marriages across the world, the website’s owner said it was investigating the data breach.
AshleyMadison.com lashed out at the hackers for hurting what it said were “innocent” citizens.
It was the first time Avid Line Media confirmed the FBI had joined the investigation. The Royal Canadian Mounted Police, the Ontario Provincial Police and the Toronto Police Services are also involved, it said.
Stay with us for the latest updates throughout the day.