Impact Team, the group behind the AshleyMadison.com hack attack, has released a second trove of records that the group stole from the website back in July.
About 20 gigabytes of additional data– an amount twice as large as the initial data dump of about 10 gigabytes– were released on Thursday, and it includes a folder containing email communications by the company’s founder and CEO Noel Biderman.
After the data was stolen last month, Impact Team warned Avid Life Media (ALM), the owner of AshleyMadison.com–a website that markets itself as the most successful website for finding an affair and cheating partner– and Established Men– a website that markets itself as the “premier online dating service that connects young, beautiful women with rich, successful men–that they would dump the stolen records online if the company failed to take down the two websites.
And on Tuesday, the group finally released the information, as promised, on about 37 million registered Ashley Madison users, including log-in and profile information, names, addresses, emails, transaction amounts and a four-digit payment identifier that most speculate are the last four digits of the credit card used on each transaction.
Avid Life Media is based in Toronto, Canada, and authorities in both Canada and the United States are investigating the cyber attack.
To make matters worse, according to CNBC two class-action lawsuits seeking $578 million have been filed in Ontario, Canada, against ALM and Avid Dating Life, the companies that run Ashley Madison.
The legal troubles for ALM will most likely mount beyond those two lawsuits because the company failed to deliver on its “full-delete” feature, where customers who paid $19 could have their data deleted from the site. According to the hackers, the company deceived those customers by deleting the data from public view only, while it kept the data stored on ALM’s servers.
According to The Verge, this gives customers grounds to “sue the company for false claims, and the FTC might even prosecute the company for deceptive trade practices.”
CBS News reported this morning that AshleyMadison.com’s traffic has dropped 40% since news of the breach broke in July, and some experts speculate that ALM, which was planning an IPO earlier this year, may not live to see that day.
According to CSO, a security analysis firm, about 15,000 of the emails leaked by the hackers had “either a .mil or .gov email address and Politico has reported that the Pentagon “is investigating the 13,000 email addresses with military domain names that may have been used to log in to the website Ashley Madison.”
“I’m aware it,” Defense Secretary Ash Carter said. “Of course it’s an issue because conduct is very important. And we expect good conduct on the part of our people. … The services are looking into it and as well they should be. Absolutely.”
According to the AP, adultery can be a criminal offense under the Uniform Code of Military Justice.
An analysis by the Associated Press (AP) “traced many of the accounts exposed by hackers back to federal workers.”
Politico reported that Jason Doré, “an executive director of the Louisiana GOP who spent $176 on the site, said that he used the site for ‘opposition research.'”
Josh Duggar, the reality TV star from TLC’s “19 Kids and Counting,” was also implicated in the data breach. According to CNN, Trustify, a cybersecurity firm, revealed that Mr. Duggar paid Ashley Madison $986 between 2012 and 2015.
Though Mr. Duggar and the Duggar family proudly touts their Christian values, Mr. Duggar is not new to controvery of a depraved nature. Earlier this year, TLC cancelled the family’s reality TV show after allegations that Mr. Duggar molested 5 young girls, including his young sisters, when he was 14 years old surfaced.
While there were many casualties of the data breach, divorce lawyers, marriage counselors, and cyber security firms are expected to profit handsomely from ALM’s woes.
The hackers not only exposed a flaw on Ashley Madison’s security system and showed a high level of sophistication in the way they conducted the attack and released the data. They also released the most hilarious statements throughout this ordeal:
1. Following the data theft in July, Impact Media released a warning to ALM that read in part:
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”
To which Ashley Madison initially responded with its own statement:
Then, on the first data dump, the hackers wrote in part:
Not surprisingly, Ashley Madison did not release data of its own to counter the fake female profiles accusation since it is an impending litigation, but it did release a statement saying, among other expected things, that it was working to “determine the validity of any information posted online.”
So then, on data dump #2, the hackers called out the CEO for questioning the authenticity of the data:
“Hey Noel, you can admit it’s real now.”
R.I.P. Ashley Madison. May you live on forever on our textbooks as a business, cybersecurity, and public relations case study.
It is simply not worth trying to create a postmortem crisis response plan for ALM.
Death did us part. The End.