August 19, 2015 Last Updated 2:19 pm

Full dump of hacked Ashley Madison documents hits the web, political websites have a field day

Oh these are nervous days for members of the Ashley Madison website. The extramarital dating site was hacked last month and now the documents have appeared online. The names, hashed passwords and partial credit card information for 33 million accounts has been published to a Tor network website.

There is apparently a READ ME file included that states “Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.”


The last time he was seen smiling

Somebody was clearly in a foul mood, attacking the Ashley Madison website because of what they consider fraud.

“Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles,” the hacker writes. “Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”

If caught, I doubt the hackers will be seen as doing anyone any favors with their hack. As for those Ashley Madison members, they now don’t have to worry about being individually blackmailed, though the fact that the file is now public probably won’t let them sleep well tonight, either.

“We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data,” Avid Life Media said in a statement released shortly after the data dump was detected. “We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.”

The Guardian, meanwhile, is leading with the story that the site’s own staff was concerned about security. Apparently these documents were including in the online dump of information:

One document was a summary of results of an internal questionnaire, in which employees were asked to list “critical success factors” in their jobs, the areas where “failure to perform well” would hurt them most, and the area where they would “hate to see something go wrong”.

Several commenters on the story are questioning The Guardian’s news judgement of leading with this story over other news. They have a good point, though sometimes a story leads just because it is new, then falls down the home page after a few hours. We’ll see if The Guardian sticks with this story all evening.

But like it or not, I think this is a story with legs, as they say. Here is an example: Roll Call has already reported that someone on the staff of Republican presidential candidate Ted Cruz is among the names leaked today. Now it would be a shame if reporters spend all day shifting through the hacked documents looking for dirt to publish… but you can bet they will. (The Hill is reporting that there were 15,000 government emails among the members info leaked, which will “likely put Washington, D.C., on edge. The nation’s capital reportedly has the highest rate of membership for the site of any city.”)


But at least one blogger puts things into perspective (something I am not seeing elsewhere): “For one thing, being a member of a dating site, even a somewhat seedy one like Ashley Madison, is no evidence that you have cheated on your partner,” writes Graham Cluley. “You might have joined the site years before when you were single and be shocked that they still have your details in their database, or you might have joined the site out of curiosity or for a laugh… never seriously planning to take things any further.”

One more point: this data in raw form is one thing, but as I’m writing this there are probably hundreds of people turning the data into a searchable form. What do you think the chances are that someone might slip some bogus information into the mix? While there would be ways to confirm the legitimacy of the information (by cross checking it with the raw data) I’m sure someone, somewhere will think it cute to add a name here or an email address there. So, beware what you read about so-and-so’s name appearing, it might not be true (I’ve already seen a tweet that said Ted Cruz’s name is in the data, when it was supposedly someone from his office.)

Links to more on this story:

Ars Technica: Ashley Madison hack is not only real, it’s worse than we thought

Hydraze & Friends blog: Ashley Madison full dump has finally leaked

The Guardian: Ashley Madison staff raised security concerns before hack

Roll Call: Team Cruz, Capitol Police Pop Up in Ashley Madison Data Dump

Above the Law: Who Are The Lawyers, Law Profs, And Judges That Were Revealed In The Ashley Madison Hack?

The Hill: 15,000 government emails revealed in Ashley Madison leak

The Telegraph: Scores of addresses among 32 million released…

Salon: The terrifying unanswered questions of the Ashley Madison hack

Vice: Ashley Madison Sent Me a DMCA Request for Tweeting 2 Cells of a Spreadsheet

Comments are closed.