Hacker Statements Regarding Ashley Madison "Affair"
Posted by Pile
(14682 views) [E-Mail link]
[Beating Dead Horses]
|It's widely known now, that a group of hackers calling themselves, "The Impact Team" has apparently infiltrated the computer networks of the parent company of adultery-promoting web site, AshleyMadison.com. They originally demanded the company shut down their sites or risk having their customers' personal information made public. The hackers have apparently followed-through on their promise, and all around the world, regional groups and media have grabbed the data and made various discoveries based on its contents.|
What may not be so clear is exactly why this group did this? It appears to be about more than just AshleyMadison.com. Here are some of the statements made by the hackers from the data they released. And just exactly what data do the hackers have? They give a few examples that we've sanitized so you can see without compromising anybody's privacy.
Impact Team README.txt:
Avid Life Media runs Ashley Madison, the internet's #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating.
Trevor, ALM's CTO once said "Protection of personal information" was his biggest "critical success factors" and "I would hate to see our systems hacked and/or the leak of personal information"
Well Trevor, welcome to your worst fucking nightmare.
We are the Impact Team. We have hacked them completely, taking over their entire office and production domains and thousands of systems, and over the past few years have taken all customer information databases, complete source code repositories, financial records, documentation, and emails, as we prove here. And it was easy. For a company whose main promise is secrecy, it's like you didn't even try, like you thought you had never pissed anyone off.
Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.
So far, ALM has not complied.
First, we expose that ALM management is bullshit and has made millions of dollars from complete 100% fraud. Example:
-Ashley Madison advertises "Full Delete" to "remove all traces of your usage for only $19.00"
-It specifically promises "Removal of site usage history and personally identifiable information from the site"
-Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie.
-Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.
-Other very embarrassing personal information also remains, including sexual fantasies and more
-We have all such records and are releasing them as Ashley Madison remains online.
Avid Life Media will be liable for fraud and extreme personal and professional harm from millions of their users unless Ashley Madison and Established Men are permanently placed offline immediately.
Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this.
This is your last warning,
We are not opportunistic skids with DDoS or SQLi scanners or defacements. We are dedicated, focused, skilled, and we're never going away. If you profit off the pain of others, whatever it takes, we will completely own you.
For our first release, and to prove we have done all we claim, we are listing *one* Ashley Madison credit card transaction for each day for the past 7 years, complete with customer name and address (oneperday.txt) and associated profile information (oneperday_am_am_member.txt and oneperday_aminno_member.txt, selected rows from our complete dump of the AM databases). We are also releasing a hash dump and zone file for both domains, select documents from your file servers, executives' google drives, and emails, and the Ashley Madison source code repository. Also, since Ashley Madison stopped using plaintext passwords, we're also releasing the swappernet user table, which still has plaintext passwords:
[PERSONAL INFORMATION REMOVED]
1 example from this dump: "XXXXXX XXXXXX", with profile ID 23xxxxx50, who spitefully paid for Ashley Madison the day after valentine's day in 2014, lives at XXXXXXXX st. Brockton, MA in the US, with email XXXXXX@AOL.COM. He is not only married/attached, but is open to a list of fantasies from Ashley Madison's list: |29|44|39|37|7|, a.k.a. "Cuddling & Hugging", "Likes to Go Slow", "Kissing", and "Conventional Sex". He's looking for 'A woman who seeks the same things I seek: passion and affection. If you have such desires then we will get alone just fine','|54|11|9|' which means "Good Communicator", "Discretion/Secrecy", and "Average Sex Drive". He also says "I have only two personal interests on this site. Making sure that You are comfortable with me should I be so fortunate to hold your attention and making sure I take the role of discretion to an artform. I mean isn't this why we are here, to be as discreet as possible?" From the login table, we know his user ID is 'XXXXX' and password hash is '$2a$12$ndXXXXXXXXXXGQylEMHRw2COLZO'.
As another, profile ID 4XXXX0 is listed as a "paid delete", which means a few of his profile text boxes are gone, but from purchase records we know it is "XXXXXXXXX" from "XXXXXXX" "Mississauga","ON" "XXXX" whose fantasies are |7|40|17|34|33|37|38|48|36|42|43|50|44|32|39|29|49|18|, which includes "Likes to Give Oral Sex", "Likes to Receive Oral Sex", "Light Kinky Fun", "Role Playing", "Erotic Tickling", "Erotic Movies", "Good With Your Hands", "Sensual Massage", and "Dressing Up/Lingerie" among others. You must be glad you paid for your profile to be deleted, huh?
Too bad for those men, they're cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn't deliver. We've got the complete set of profiles in our DB dumps, and we'll release them soon if Ashley Madison stays online.
And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.
Well, Noel? Trevor? Rizwan? What's it going to be?