Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Privacy The Internet News

Hackers Publish Cheating Site's Stolen Data 319

pdclarry notes that many news outlets are reporting that 9.7 GB of data stolen from cheating website AshleyMadison.com has been published online. "The dump contains files with titles including 'aminno_member_dump.gz,' 'aminno_member_email.dump.gz,' 'CreditCardTransactions7z,' and 'member_details.dump.gz,' an indication that the download could contain highly personal details." Brian Krebs questioned the way this has been reported without confirmation, but added that he's been contacted by several people who found their own accurate details within the data dump. Many of the reports note this detail: "Assuming the download turns out to be authentic, people should remember that it was possible for anyone to create an account using the name and e-mail address of other individuals."
This discussion has been archived. No new comments can be posted.

Hackers Publish Cheating Site's Stolen Data

Comments Filter:
  • by Anonymous Coward on Tuesday August 18, 2015 @11:24PM (#50344449)

    Usually all sites will send a confirmation email and only enable the account if a confirmation link or code from that email is used.

    So i guess it's a bit hard to "create an account using the ... e-mail address of other individuals"

    • by Anonymous Coward on Tuesday August 18, 2015 @11:58PM (#50344559)

      Except AM specifically did NOT so as to help avoid leaving a trail.

      One of my friends is on this list because I created his account for him as a prank.

      • by x0ra ( 1249540 ) on Wednesday August 19, 2015 @12:47AM (#50344673)
        It's not a prank, it's identity theft, either a felony or a misdemeanor.
        • That for starters depends on the laws of your locality.

          Secondly, person registering the account can very well argue they used a pseudonym. Many a pseudonym is a realistic name, and as such can very well happen to match the name of someone else. People that happen to have identical names are a similar case.

          It would definitely be identity theft if the person not only uses another person's name, but tries to completely impersonate another individual. Just registering using a name that's not your own is not ide

          • by Imrik ( 148191 )

            Using someone else's email for it pretty much shoots down the argument that it was a pseudonym.

            • Agreed, if you would indeed (have to) use that other person's e-mail, and supposedly gained access to that person's inbox, it'd clearly be identity theft.

              However in this case, that's not necessary to register an account.

        • No, it's a prank. Now that this hack has happened it's also hilarious. Don't be an old stick in the mud.
      • by mwvdlee ( 775178 )

        In what way is this a prank if your "friend" doesn't ever get notified he even has an account there?

        • by gl4ss ( 559668 ) on Wednesday August 19, 2015 @01:29AM (#50344789) Homepage Journal

          well the second part of the prank was obviously to hack and publish the user database.

          a pretty elaborate prank I must say, I salute!

          • well the second part of the prank was obviously to hack and publish the user database.

            a pretty elaborate prank I must say, I salute!

            This hacker/prankster should be easy to find, he probably reads Slashdot uses an Android phone and had a girlfriend (that last fact should shorten the suspect list considerably). Oh, and he probably only got angry enough to hack AshleyMadison.com because she cheated on him with an Apple iPhone using hipster.

      • So was this site free? No CC info?

      • by wbr1 ( 2538558 )
        However legit accounts may have other identifying info. CC numbers, profile pics and text with personal info. I think for many there will be enough data points to ID if not in a court of law then in a court of spouse.
    • by Fweeky ( 41046 )

      My gmail address gets used as a throwaway rather a lot, and you'd be surprised at the number of sites that don't bother at all.

      This message was sent to you ($foo@gmail.com) because you are a valued NBA fan registered with us and we wanted to wish you a happy birthday!

      Hi meleonaz,

      www.skype.com
      Registered email successfully updated
      Your email address for the account meleonaz has been successfully updated to $foo@gmail.com

      Hi @notme345,
      We got a request to reset your Instagram password.

      Thanks so much for joining Pandora! We're very happy to have you on board, and we look forward to providing you with endless hours of great music listening and discovery.

      Many more sites will still create the account and let you use it without me validating the email, and many more provide no means of saying this *isn't* their email.

      • by dcw3 ( 649211 )

        Exactly this. I get crap mail from Best Buy, Enterprise Rental Car, and several others, because they're too damn lazy to do their jobs.

      • Yeah, me too. AT&T, some casual labour placement place in Phoenix, I even get alarm armed/disarmed/etc. notifications from some woman's house in the NE US. Not to mention the elementary school class parents' mailing list that sent me name, phone number, address, parents' names for all the kids, plus schedules for upcoming events.

        People and companies should be more careful.

    • by McGruber ( 1417641 ) on Wednesday August 19, 2015 @06:53AM (#50345623)
      Arstechnica reports:

      For what it's worth, more than 15,000 of the e-mail addresses are hosted by US government and military servers using the .gov and .mil top-level domains.

      I wonder how many federal employees will be losing security clearances as a result of this?

    • by greenfruitsalad ( 2008354 ) on Thursday August 20, 2015 @02:18AM (#50352143)

      my favourite reaction to this incident is:
      "2 years of paying $19 a month... Now I'm finally getting f**ked"

  • Yeah, right. (Score:5, Insightful)

    by Zontar The Mindless ( 9002 ) <plasticfish.info@nospAm.gmail.com> on Tuesday August 18, 2015 @11:27PM (#50344457) Homepage

    Assuming the download turns out to be authentic, people should remember that it was possible for anyone to create an account using the name and e-mail address of other individuals.

    ...And supplying other people's credit card details as well, no doubt.

    FWIW, I believe that people's sex lives are their own business, married or not. But I find it difficult to drum up any sympathy for marrieds who are foolish enough to go looking for something on the side via a big flashy commercial website dedicated to that purpose.

    Internet privacy was over at least a decade ago. There's been plenty of time for you to figure this out.

    • by Anonymous Coward

      Funny how Slashdot's fierce Fighters for Privacy turn a blind eye when it's something they don't care about that gets hacked.

      But I guess these people "deserved" it because they didn't adequately protect their identities...or something.

      Thugs are thugs whether they are stabbing you for your wallet or stealing your personal information. A swift death is the best option for them.

      • Re:Yeah, right. (Score:4, Insightful)

        by ThatsMyNick ( 2004126 ) on Tuesday August 18, 2015 @11:39PM (#50344501)

        Your take on that comment was that he was turning a blind eye? To me it seemed like a lament, that privacy is dead. Long live privacy.

      • Funny how Slashdot's fierce Fighters for Privacy turn a blind eye when it's something they don't care about that gets hacked.

        I think we are just laughing our asses off about trying to decide whether Pat Robertson was actually able to employ competent system crackers, or whether the security on the site was so lame, given its purported purpose and clientele.

        Also, note that this isn't a privacy issue, it's a database hack; it's just incidental that it involves a website that contained prurient details of illicit affairs, rather than, for example, credit card data for everyone who used a credit card at Target, Home Depot, and Lucky'

        • I'm waiting for the data mine on specific famous persons and political figures to be published with quite some interest... wonder if anyone is going to be dropping out of the presidential race over it...

          Hillary is out...

        • I'm waiting for the data mine on specific famous persons and political figures to be published with quite some interest... wonder if anyone is going to be dropping out of the presidential race over it...

          I'm thinking more likely Canadian politics is going to be rocked... 1 in 5 people in Ottawa (Canada's capitol) were supposedly members... That's a good chance that a fair number of people seeking re-election right now are going to show up in that database.

      • by readin ( 838620 )

        Funny how Slashdot's fierce Fighters for Privacy turn a blind eye when it's victims have done one of the cruelest and most inhumane things one person can do to another.

        FTFY

        • Re:Yeah, right. (Score:4, Insightful)

          by cbhacking ( 979169 ) <been_out_cruising-slashdot@@@yahoo...com> on Wednesday August 19, 2015 @02:37AM (#50345011) Homepage Journal

          Oh, please. Cheating is bad, but "one of the cruelest and most inhumane things one person can do to another" is at risk of breaking my hyperboleometer. Discounting things like giving your partner a disease, which is a risk that increases when cheating but is its own separate problem, the heartbreak from cheating is nothing compared to the enduring pain from the death of a loved one, or the trauma of violent rape, or the horror of the battlefield, or even the crippling injuries one can get from a car crash. Cheating is cruelty and betrayal, but at the end of the day it's not likely to ruin your whole life, much less end it.

          Besides, humans aren't really wired very well for monogamy. I mean, some people find that their completely natural state, sure, but most of the way we view the topic is due to societal expectation. Throughout history, the powerful have had mistresses or consorts or even kept harems, there have been entire societies that practiced polygamy at all levels, and various forms of consensual non-monogamy have been practiced more-or-less in secret for centuries even in "modern" culture. If you think you can truly be your partner's everything, the only one they'll ever need to provide everything they desire, then (statistically speaking) you're delusional. I'm not saying that justifies lying and cheating any more than the DMCA and eternal copyrights justify pirating music, but it does mean you shouldn't be surprised when it happens, and that you're better off changing the rules and saving everybody - yourself included - the anguish.

          Cheating may feel inhumane, but it is very, very human.

          • Re:Yeah, right. (Score:5, Insightful)

            by AmiMoJo ( 196126 ) on Wednesday August 19, 2015 @03:19AM (#50345097) Homepage Journal

            I see marriage as a partnership between two people. Each gets a lot out of the marriage - stability, a family, a home, security, companionship etc. So refraining from cheating on your partner is just one of the sacrifices you have to make in exchange for that. Sure, you can agree not to be exclusive with each other and maintain the marriage, but going behind your partner's back when you know it will hurt them is not right.

            • Re:Yeah, right. (Score:4, Insightful)

              by DarkOx ( 621550 ) on Wednesday August 19, 2015 @06:52AM (#50345617) Journal

              Which is why this "marry who you love" narrative is so dangerous. Should you marry without love, probably not after all its going to be hard to do the right things in more trying times if you are not committed to the cause of being with your spouse. That said love is not enough.

              Marriage should deliver on those things you mention, - stability, a family, a home, security, companionship etc. It should be advantageous for both parties. To that end the partnership is a contract. Many of the benefits flow direct from the belief the other person will honor their commitments.

              If society allows marriages to be entered into or exited from lightly the benefits get watered down. So to say "going behind your partner's back when you know it will hurt them is not right" is a understatement. Not only are dealing great harm to that person by depriving them of something they have potentially made an enormous investment in when you have been married along time, its even bigger than the two of you (or three of you as the case may be). It harming society as whole.

              Honestly no-fault divorce should have never been a thing, and society should look down on adultery. Its really better for all of us. We need more shame and more shaming not less. If you don't want to commit don't get married its that simple.

            • I see marriage as a partnership between two people. Each gets a lot out of the marriage - stability, a family, a home, security, companionship etc. So refraining from cheating on your partner is just one of the sacrifices you have to make in exchange for that.

              It doesn't have to be a monogamous relationship to begin with. That's a societal construct designed to control people. It's only going behind their back if you have that kind of relationship to begin with.

              If you can't trust a happy partner who's having their needs met, how can you trust an unhappy one who isn't?

              • by AmiMoJo ( 196126 )

                Sure, I agree with you, as long as both parties are aware and happy with the situation it's fine.

          • Re:Yeah, right. (Score:5, Insightful)

            by Anonymous Coward on Wednesday August 19, 2015 @03:43AM (#50345151)

            the heartbreak from cheating is nothing compared to the enduring pain from the death of a loved one

            This is one of those generalisations that betrays a close to zero understanding of human emotion. Cheating and unexpected death are both often experienced in similar ways as losses: you had a strong bond with someone that was very important to you, and now suddenly you don't. The loved one has gone, and it's not relevant whether they've gone to the guy/gal the next town over, or six feet under.

            the powerful have had mistresses or consorts or even kept harems

            They've also waged brutal offensive wars and raped and pillaged. "The powerful" tends to be a fairly vicious standard to look up to - fortunately, most people don't.

            there have been entire societies that practiced polygamy at all levels

            Polygamy is not about cheating. There is nothing dishonest in everyone agreeing to a particular arrangement, whatever it is. In confounding two separate arguments, you're making polygamy look bad, even when you seem to want to make it look good.

            If you think you can truly be your partner's everything, the only one they'll ever need to provide everything they desire, then (statistically speaking) you're delusional.

            This is a ridiculous strawman, and you know it.

            Cheating may feel inhumane, but it is very, very human.

            This statement is vacuous. What does "human" mean here - that it's something humans can and sometimes do do? Then murder is "very, very human". It's certainly not inevitable for even a small minority to cheat. You don't want to be faithful to Bob? Go tell Bob!

          • Besides, humans aren't really wired very well for monogamy. I mean, some people find that their completely natural state, sure, but most of the way we view the topic is due to societal expectation. Throughout history, the powerful have had mistresses or consorts or even kept harems, there have been entire societies that practiced polygamy at all levels, and various forms of consensual non-monogamy have been practiced more-or-less in secret for centuries even in "modern" culture.

            You're talking about societies in which women had few to no rights compared to men.

            Cheating may feel inhumane, but it is very, very human.

            Agreed. But note well that while we are free to exercise non-monogamy, once we make a monogamy choice we are punished if we deviate from it. Sure, you can leave your wife/husband of 10 years if they decide not to "be okay" with your new choice to have many partners, but a divorce (for a man, anyway) is a very punitive experience.

            So, while you are correct that humans are monogamous, and it is also correct that we are not force

            • by Rei ( 128717 )

              Indeed, while it's interesting to note that while polygamy has been moderately common at times and in some societies throughout human history, polyandry is fairly rare, and true mixed polyamory very rare. And most cases of polygamy, there was no expectation that the wives would physically love each other, only that they'd get along and try not to be jealous of each other getting attention from their husband.

              Interestingly, the views toward children vary significantly between polygamy and polyandry. One of t

          • Re:Yeah, right. (Score:5, Insightful)

            by readin ( 838620 ) on Wednesday August 19, 2015 @08:02AM (#50345953)

            Oh, please. Cheating is bad, but "one of the cruelest and most inhumane things one person can do to another" is at risk of breaking my hyperboleometer.

            Let's see you build your life around a commitment and the other person breaks it. From the biological standpoint of a man you forgo all other chances to reproduce on the belief that you're partner will have your child and then you spend a huge portion of your life caring for that child and earning money to support that child. Then you find out it's not your child. You've been tricked into spending your whole existence serving the interests of another man. If you believe the theory of evolution you understand that you have been murdered for eternity.

            There are reasons men get jealous and why in most successful societies female infidelity incurs severe punishments, and why rape should also incur severe penalties.

        • by Viol8 ( 599362 )

          Don't have much life experience do you sonny. When you grow up you'll realise relationships arn't as black and white as you seem to think.

      • Funny how Slashdot's fierce Fighters for Privacy turn a blind eye when it's the NSA's private files getting leaked. But I guess the NSA "deserved" it because they were not being honest about what kind of information they were gathering... or something.

        Thugs are thugs whether they are murdering little babies or exposing dishonesty. A swift death is the best option for them.

    • by gl4ss ( 559668 )

      you would only need the credit card details to remove the account.

      now, who the fuck in their right mind would get on a site like that anyways? the site was probably just full of fake women anyways and fat men, if their business was to blackmail money from people to delete the account.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        > just full of fake women anyways

        One report I read said only 4% of the profiles were from women. I have three good friends that are male that each spent hundreds of hours on that site without ever meeting anyone. It wasn't any better than any other dating site I've seen, and considering I've done several marketing studies on them and worked for one, I know. All of these sites have very few actual women and lots of desperate men. Very, very few of the men ever even get a real response. It's sad how

    • Comment removed based on user account deletion
  • by Distan ( 122159 ) on Tuesday August 18, 2015 @11:32PM (#50344475)

    "Information wants to be free".

    The idea that AshleyMadison (or any other entity) would keep registration information private forever was laughable. My rule of thumb is that if I don't want what I do to be published all over the internet, then don't do it.

    • by alvinrod ( 889928 ) on Tuesday August 18, 2015 @11:38PM (#50344495)
      Information doesn't want anything. It's inanimate.

      I'm guessing you don't seek any medical attention or do any kind of banking as that kind of information is also stored in computers now. Either you have no problem with your medical or financial records being open for all to see, or outside of the occasional /. post, you encase your devices in tinfoil and retreat to a mountain cave. Or the third, more likely option, you' just haven't thought what you're saying all the way through.
      • by tezbobobo ( 879983 ) on Wednesday August 19, 2015 @12:32AM (#50344643) Homepage Journal
        You're right. Data hates when you give it anthropomorphic qualities. Also, when you take things too literally.
      • by TsuruchiBrian ( 2731979 ) on Wednesday August 19, 2015 @01:41AM (#50344857)

        "Information wants to be free" isn't meant to be taken literally. It's a metaphor for the fact that it is very hard to restrict access to information once a large enough number of people have already have access to it. It only takes one person to leak it, and the odds that no one will leak it goes to nearly 0 pretty quickly.

        So yeah, don't create or share any information with anyone unnecessarily if you don't want it leaked. The morality of violating someone's privacy is irrelevant, to the reality of the difficulty of restricting access to information.

        And yes, if I actually cared about keeping my medical information secret more than I cared about getting medical treatment, then I wouldn't get the medical treatment. Luckily, no one gives a shit about my medical records. Medical record are like genitals, everyone's got them. The same goes with financial records.

        • by AmiMoJo ( 196126 )

          I wouldn't be so sure that no-one is interested in your medical records. Your boss might be. Maybe it looks like you might need a lot of time off to fight cancer, or expensive treatment on the company health insurance, or maybe you or your partner is pregnant and likely want to leave.

          There have been incidents of people being stopped at borders because of their medical records too. There was a Canadian women a few years back who suffered from depression about a decade before trying to enter the US. Border se

  • by Greyfox ( 87712 ) on Tuesday August 18, 2015 @11:38PM (#50344493) Homepage Journal
    I just felt a strange disturbance in The Force, as if a million divorce lawyers suddenly yelled out "CHA-CHING!" and then... yelled out "CHA-CHING!" again!
    • Undoing accidental negative mod, was going for +1 Funny. :)
    • by cold fjord ( 826450 ) on Wednesday August 19, 2015 @12:51AM (#50344689)

      I just felt a strange disturbance in Di Vorce, as if a million divorce lawyers suddenly yelled out "CHA-CHING!" and then... yelled out "CHA-CHING!" again!

      FTFY

    • by CRC'99 ( 96526 )

      I just felt a strange disturbance in The Force, as if a million divorce lawyers suddenly yelled out "CHA-CHING!" and then... yelled out "CHA-CHING!" again!

      No no no - you've got it all wrong.... They're just backing up their database to 'the cloud'.

  • In other news (Score:4, Interesting)

    by Korbeau ( 913903 ) on Tuesday August 18, 2015 @11:44PM (#50344525)

    Ashley Madison rebrands itself as "Cheating Liar" dot com, reality show on the way.

  • The point of the hackers is not to point out the moral decay of society, but to point out that AM are really scammer, with the number of real males on the website greatly outnumbering the number of real women.
  • by x0ra ( 1249540 ) on Wednesday August 19, 2015 @01:01AM (#50344715)
    I have an account on AM with a phony identity, though, I never gave them any CC information. Let me finish to download the leak and I'll check if I'm in the leak :-)
  • From Ashley Madison's official email on the hack:

    It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the worl

    • by x0ra ( 1249540 )
      "Free"-thinkers are against the status-quo advocated by the business class propaganda. These hacktivist are a threat to AM business-model (ie. a scam). They are using the same FUD technique as lifelong politicians do to stay in power. I was really surprised by the form used in the message. It is very much binary. Us, law-abiding citizen, and them, criminals.
    • by garyok ( 218493 ) on Wednesday August 19, 2015 @02:00AM (#50344917)

      Parent fails English interpretation. The first sentence groups Ashley Madison members with other freethinkers as the subjects of illegal action. Freethinkers aren't the perpetrators, they're another class of victim roped in by the AM crowd to make out that hacking a cheaters website was just gosh-darned un-American.

      Of course, the hackers aren't doing this out a sense of morality. Quite the opposite in fact - they just want to stir shit up and cause havoc.

    • by DarkOx ( 621550 )

      I think Ashely Madison was trying to paint their clientele with the brush of being the freethinkers; you know because they are not bound by silly ideas like fidelity in marriage. That was how I read it anyway. I think it really is a rather naked attempt to make them and their customers into sympathetic figures.

      It fails to recognize the other person in the relationships they are helping to undermine. Their own logo and nature of the service offering betrays the fact that all of this has to happen in secr

    • It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities.

      According to this [freep.com], adultery is illegal in 21 of the 50 United States.

      Ashley Madison as at the very least being hypocritical, considering their business is probably guilty of criminal conspiracy for its actions in those states.

  • Now let me see the transactions of the other 2000 guys that use my credit card. Gonna be back in a while!
  • by Barny ( 103770 ) on Wednesday August 19, 2015 @02:45AM (#50345031) Journal

    Cheaters really should just suck it up. I mean, yeah it is their own stupid fault in cheating.

    Next lets go for the bot boxers, their servers should get hacked next, bring down all forms of gaming cheating!

    Wait, what do you mean this has nothing to do with computer games? Da fuq?

  • "...people should remember that it was possible for anyone to create an account using the name and e-mail address of other individuals."

    People should also remember it is very difficult to randomly generate a VALID credit card number.

    Sites like this use credit card numbers to "confirm" the age of the individual signing up (I know, I know, having access to Daddies' CC isn't proof of age, etc.).

  • This dump has already been called out as fake

    http://krebsonsecurity.com/201... [krebsonsecurity.com]

  • by NotDrWho ( 3543773 ) on Wednesday August 19, 2015 @09:01AM (#50346373)

    people should remember that it was possible for anyone to create an account using the name and e-mail address of other individuals

    See honey, even Slashdot acknowledges it! It was a hack. It could have been anyone using my email and credit card. They probably just got lucky on the penis length thing.

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...