Thread: Hackers Follow Through – Publish Ashley Madison “Cheater” Customer Details – 15,000 A

Hackers Follow Through – Publish Ashley Madison “Cheater” Customer Details – 15,000 Are Government/Military Email Addresses…

Posted on August 18, 2015 by sundance
32 million users of the cheating website now potentially exposed. Contract and business lawyers (morality clauses), divorce lawyers, corporate lawyers etc. will have a field day…. And the potential for blackmail is exponential.


(Via Wired) Hackers who stole sensitive customer information from the cheating site AshleyMadison.com appear to have made good on their threat to post the data online.

A data dump, 9.7 gigabytes in size, was posted on Tuesday to the dark web using an Onion address accessible only through the Tor browser. The files appear to include account details and log-ins for some 32 million users of the social networking site, touted as the premier site for married individuals seeking partners for affairs.

Seven years worth of credit card and other payment transaction details are also part of the dump, going back to 2007. The data, which amounts to millions of payment transactions, includes names, street address, email address and amount paid. AshleyMadison.comclaimed to have nearly 40 million users at the time of the breach about a month ago, all apparently in the market for clandestine hookups.

“Ashley Madison is the most famous name in infidelity and married dating,” the site asserts on its homepage. “Have an Affair today on Ashley Madison. Thousands of cheating wives and cheating husbands signup everyday looking for an affair…. With Our affair guarantee package we guarantee you will find the perfect affair partner.”

The data released by the hackers includes names, addresses and phone numbers submitted by users of the site, though it’s unclear if members provided legitimate details. A sampling of the data indicates that users likely provided random numbers and addresses, but files containing credit card transactions will yield real names and addresses, unless members of the site used anonymous pre-paid cards.

One analysis of email addresses found in the data dump also shows that some 15,000 are .mil. or .gov addresses.

The data also includes descriptions of what members were seeking. “I’m looking for someone who isn’t happy at home or just bored and looking for some excitement,” wrote one member who provided an address in Ottawa and the name and phone number of someone who works for the Customs and Immigration Union in Canada. “I love it when I’m called and told I have 15 minutes to get to someplace where I’ll be greeted at the door with a surprise—maybe lingerie, nakedness. I like to ravish and be ravished … I like lots of foreplay and stamina, fun, discretion, oral, even willingness to experiment—*smile*” (continue reading)

http://theconservativetreehouse.com/...ail-addresses/

How to see if you or your spouse appear in the Ashley Madison leak

By Caitlin Dewey August 19 at 11:02 AM


(AP Photo/Lee Jin-man)

When a team of hackers calling themselves “the Impact Group” claimed to break into spouse cheating site Ashley Madison last month, millions of users held their breaths: See, even though Ashley Madison confirmed there was a hack, no one had posted any actual user data yet.

That changed Tuesday evening, when the Impact Group published a 10-gigabyte trove of user data — including names, phone numbers, e-mail addresses and credit card fragments — to the Deep Web.

While Ashley Madison has not confirmed that the information is authentic, several security researchers have already said that it appears to be: Multiple users have independently confirmed that their names appeared in the leak.


A statement posted by the Impact Team on Aug 18.

But if you’re worried about appearing on the list, yourself, you don’t need to download Tor or scour Pirate Bay for the right Torrent. At least three sites are republishing Ashley Madison’s user data on the public-facing Internet.

CheckAshleyMadison.com, which went up overnight, will tell you if an e-mail address or phone number appears in the leaked files. (“Ashley Madison users who were in committed relationships were taking comfort in the fact that their significant others were not able to Torrent things,” the site’s creator told The Washington Post. “Our site upsets that in making it easier for people to find out if their spouse was a part of the site.”)

Trustify, a sort of Uber for private eyes, said in a statement that it was also updating its hacked-e-mail search tool to add the Ashley Madison files.

[Was your spouse on Ashley Madison? A new breed of private eye wants to help.]

And Have I Been Pwned, a site that tracks major data breaches around the Web, just finished loading more than 30.6 million e-mail addresses into its database; unlike the other sites, however, Have I Been Pwned will only share data from the Ashley Madison leak with users who have verified their e-mail address with the service and subscribed for notifications.

In other words, Have I Been Pwned (HIBP) will not allow suspicious spouses, nosy co-workers or other passerby to see if someone else was an Ashley Madison user. It will only allow the actual user to check if his or her name was included in the leak.

It’s a novel response to a situation whose ethics remain enormously murky: If private data is hacked — particularly sensitive, compromising data — who is ultimately responsible for the consequences of that leak? Is it the site that failed to secure the data, the hackers who obtained it, the third parties who republished it, often for profit — or some combination of the three?

“There’s no escaping the human impact of it,” HIBP’s creator, Troy Hunt, wrote in a lengthy blog post explaining why the Ashley Madison data wouldn’t be searchable on his site. “The discovery of one’s spouse in the data could have serious consequences … I’m not prepared for HIBP to be the avenue through which a wife discovers her husband is cheating, or something even worse.”

In the meantime, the data dump has already yielded some intriguing insights into who actually used Ashley Madison: One analysis by the self-identified hacker @T0x0, posted Tuesday night to Pastebin, found more than 6,700 Army e-mail addresses in the leak, as well as 1,600 from the Navy, 104 from Virginia state government and 45 from the Department of Homeland Security.

While those numbers haven’t yet been confirmed — and while some of the e-mail addresses could certainly be faked — that’s in keeping with earlier findings from Ashley Madison, which has said that nearly 60,000 of its users are registered in the District of Columbia.

https://www.washingtonpost.com/news/...-madison-leak/

These are the Muppet personals found on Ashley Madison

Debra A. Klein
Open minded “roommates” on the DL seeking “friends.” Must be able to add and subtract.

The Georgia government domains found in the Ashley Madison data dump



A couple dozen workers in government offices

across Georgia may be perspiring more than usual today.The hackers behind July’s raid on the Ashley Madison dating/cheating website have dumped 10 gigabytes of wide-ranging data. From arstechnica.com:

Researchers are still poring over the unusually large dump, but already they say it includes user names, first and last names, and hashed passwords for 33 million accounts, partial credit card data, street names, and phone numbers for huge numbers of users, records documenting 9.6 million transactions, and 36 million e-mail addresses.
While much of the data is sure to correspond to anonymous burner accounts, it’s a likely bet many of them belong to real people who visited the site for clandestine encounters. For what it’s worth, more than 15,000 of the e-mail addresses are hosted by US government and military servers using the .gov and .mil top-level domains.

Which prompted us to make a quick scan of Ashley Madison accounts registered through email addresses with Georgia government domains. What we found:

— atlantaga.gov: 7
— augustaga.gov: 5
— dot.ga.gov: 3
— savannahga.gov: 3
— greenecountyga.gov: 2
— mariettaga.gov: 2
— cityofdalton-ga.gov: 1
— columbiacountyga.gov: 1
— dekalbcountyga.gov: 1
— fayettecountyga.gov 1
— glynncounty-ga.gov: 1
— meriwethercountyga.gov: 1
— pickenscountyga.gov: 1
http://politics.blog.ajc.com/2015/08...son-data-dump/

Hackers dump SECOND, even bigger batch of Ashley Madison records with taunting message to millionaire founder of 'cheating dirtbag' site

• Reports of a second wave of secret documents revealed from the hacked infidelity site
• Hackers 'the Impact Team' posted another huge tranche - amounting to 20GB of files - on the same dark web
• They boasted of the second wave directly to the beleaguered company's CEO multi-millionaire Noel Biderman
• 'Hey Noel, you can admit it's real now', the message read
• The company has refused to admit all the information that has been released came from their site
• First wave included 9.7 gigabytes of raw data including names, addresses, phone numbers and sexual fantasies of registered users
• University of Texas, Sony, Boeing and Bank of America all appear in domain names of alleged users posted online
• Government workers with sensitive White House, law enforcement and congress jobs have admitted using the site after being exposed
• Pentagon and FBI are now investigating the leak amid fears it provides potential for blackmail of government officials

Many federal customers appeared to use non-government email addresses with handles such as 'sexlessmarriage', 'soontobesingle' or 'latinlovers'.

Some Justice Department employees appeared to use pre-paid credit cards to help preserve their anonymity but connected to the service from their office computers.

Defense Secretary Ash Carter confirmed the Pentagon was looking into the list of people who used military email addresses. Adultery can be a criminal offense under the Uniform Code of Military Justice.

Several searchable databases of names, emails and sexual fantasies linked to the first data leak had to shut down within minutes of going live because they could not cope with demand from suspicious spouses.

The second appears to include personal information and emails of the CEO with folders entitled Noel Biderman.mail.
Other folders are titled mobile, product and design.

'The dump appears to contain all of the [CEO's] business/corporate e-mails, source code for all of their websites, mobile applications, and more,' researchers from TrustedSec wrote in a blog post published Thursday.

Another document shows the website were aware of the privacy dangers and discussed a potential security breach.
A file called 'Areas of concern – customer data.docx' a worker flagged potential hacking hazards.




User? A report claims that Josh Duggar (above with wife Anna and daughter Meredith) had multiple Ashley Madison accounts



+13


Apology: Josh Duggar made a public apology for living a 'double life' and being unfaithful after being named in the Ashley Madison leak

It comes as lists of email addresses - purporting to show registered users of the adultery site - have been shared across the web and in the controversial forum 4chan - without any evidence or means of validation.

Sony, Boeing and the United Nations are among those institutions whose domain names appear in the long lists of alleged users.

Bank staff also make regular appearances. Marketwatch counted up bank domain names to reveal 175 from Wells Fargo, 76 from Bank of America, 73 from Deutsche Bank, 51 from Citigroup, 45 from Goldman Sachs, 28 from PNC Bank, 15 at U.S. Bancorp, 14 at Bank of New York Mellon, nine at J.P. Morgan Chase and four at Capital One.

Dailymail.com has obscured the first names on those lists as it cannot be confirmed whether they appear in the leak's raw data or whether those emails were used by their owners in good faith or stolen by others to set up Ashley Madison accounts.

What the information does show is that the fall-out from the attack by the mysterious hacking group 'the Impact Team', and deemed legitimate by experts and Ashley Madison itself, will be felt for weeks, if not months, to come.

The first wave of personal and intimate information of the site's 37 million registered members was dumped in the 'dark web' late on Tuesday.

The dark web requires specific software for access and information it contains cannot be examined by regular search engines.

The first famous name to be embroiled in the scandal emerged yesterday, as Gawker claimed Josh Duggar was the owner of more than one account on the site where adulterers seek strangers for casual sex.

Duggar was allegedly looking for 'conventional sex, experimenting with sex toys, one-night stands, sharing fantasies, sex talk,' and more.

The site reported: 'Someone using a credit card belonging to a Joshua J. Duggar, with a billing address that matches the home in Fayetteville, Arkansas owned by his grandmother Mary - a home that was consistently on their now-cancelled TV show, and in which Anna Duggar gave birth to her first child - paid a total of $986.76 for two different monthly Ashley Madison subscriptions from February of 2013 until May of 2015.'

They also report that a second account was created in July 2013 'that was linked to his home in Oxon Hill, Maryland.'
Josh, 27, lived at this residence with his wife and children while working as a family values lobbyist for the Family Research Council in Washington DC.

Among the type of woman he was allegedly looking for, the profile said; 'naughty girl, aggressive / take charge girl, high sex drive and creative and adventurous.'

The disgraced 19 Kids and Counting star posted a public apology on the claims today.

He didn't admit he was a member of Ashley Madison but admitted being unfaithful to his wife and living a double life.f ch


+13


Popular: Information from the hack shows the geographic make-up of the site's membership. According to data analyst dadaviz.com, these are some of the most popular cities for users



+
Revealed: This is a new world map showing the locations of all the members of Ashley Madison cheaters outed by hackers - but most databases linked to the data have failed to cope with demand

He and his conservative Christian family are outspoken advocates of no sex or physical contact before marriage and have openly spoken out against abortion and divorce. Duggar married his wife Anna in 2008 - sharing their first kiss on the altar.
Between 2013 and 2015 he worked for the Family Research Council which promotes marriage and family values and opposes abortion, divorce and pornography.

He was forced to step down in May when a bombshell police report revealed he molested five children as a teen including four of his sisters.

He was never charged with a crime for the incidents as by the time police learned of the offenses the statue of limitations had passed, and his parents did not notify authorities in an official capacity after learning about their son's actions.
As a result TLC cancelled their hugely popular reality show.

'I have been the biggest hypocrite ever. While espousing faith and family values, I have secretly over the last several years been viewing pornography on the internet and this became a secret addiction and I became unfaithful to my wife,' he said.
'I am so ashamed of the double life that I have been living and am grieved for the hurt, pain and disgrace my sin has caused my wife and family, and most of all Jesus and all those who profess faith in Him.

'I brought hurt and a reproach to my family, close friends and the fans of our show with my actions that happened when I was 14-15 years old, and now I have re-broken their trust.

'The last few years, while publicly stating I was fighting against immorality in our country, I was hiding my own personal failings.

'As I am learning the hard way, we have the freedom to choose to our actions, but we do not get to choose our consequences. I deeply regret all hurt I have caused so many by being such a bad example.

'I humbly ask for your forgiveness. Please pray for my precious wife Anna and our family during this time.'

Government workers contacted by the AP were similarly contrite.

'I was doing some things I shouldn't have been doing,' a Justice Department investigator said. Asked about the threat of blackmail, the investigator said if prompted he would reveal his actions to his family and employer to prevent it.
'I've worked too hard all my life to be a victim of blackmail. That wouldn't happen,' he said.

Louisiana GOP Executive Director Jason Doré was named and claimed he used the site for “opposition research.”

Doré told NOLA.com that an account with his name and credit card information was used by his law firm, Doré Jeansonne.
He did not reveal on whose behalf he had accessed the site.

'As the state's leading opposition research firm, our law office routinely searches public records, online databases and websites of all types to provide clients with comprehensive reports,' he said.

'Our utilization of this site was for standard opposition research. Unfortunately, it ended up being a waste of money and time.'




+13






Embarrassment: Boeing and Bank of America also appeared in the email addresses of supposed users



Corridors of power: A list of apparent United Nations employees were also revealed to be users of the site

In the UK, married Edinburgh MP Michelle Thomson found her email among the leaked names.

She insists it is an out-of-use address that must have been registered in a smear campaign.

WILL ASHLEY MADISON BE SUED BY MEMBERS OUTED AS CHEATERS?

Ashley Madison could be sued by millions of members outed by hackers, lawyers have said.

Data protection specialist Paula Barrett, from Eversheds, believes there may be a rush for 'no-win no fee' cases as firms rush to cash in on the shame.

She told the Financial Times: 'It would not surprise me if people came forward to bring claims against Ashley Madison'.
Those who had accounts set up maliciously by enemies anmay also have grounds to sue.

A woman from the St. Louis, Missouri, identified in court papers as 'Jane Doe,' filed a federal lawsuit against Avid Life just days after the breach became public, saying that she had paid the website a $19 fee to permanently delete her information.
The hackers have claimed that the information of people who paid the fee never actually was deleted, citing it as one of their reasons for the attack.

Others say, however, people may not want to go to court because they would be confirm they were on the 'cheat list'.

One web developer who helped publish the data after it was released said: 'To Ashley Madison's development team: You should be embarrassed for your train wreck of a database (and obviously security), not sanitising your phone numbers to your database is completely amateur, it's as if the entire site was made by students.'

The scandal threatens to expose the affairs of members who purportedly walk the highest corridors of power.
Only 2.3 million are considered 'active' users of the site but the hack includes names and details of anyone who has ever registered - even if they didn't use the services to have a full-blown affair or quit their philandering ways years ago.
Up to 15,000 names among the raw data are listed from email addresses with the domain names .mil or .gov - the official addresses of U.S government and military employees.

Ashley Madison admits it doesn't verify email addresses so some are known fakes

Barack Obama and Tony Blair are among the fake names and email addresses that have already been exposed. However, several emails are legitimate.

The case has prompted many experts to remind employees about the dangers of using work addresses for private enterprise.

Will Schwalbe, co-author of SEND: Why People Email So Badly and How to Do It Better, told Time that email is 'the single most dangerous piece of equipment in the office'.

'The danger of using work email for personal business is that, if there’s some kind of legal issue that comes up at your workplace involves having to investigate emails, then every single thing you’ve done with your email work address is fair game,' he added.

World maps show the extent of the scandal with the U.S. among the worst affected given the sheer number of users signed up to the controversial date site.

Washington D.C., Houston, New York and Chicago are some of the cities with the largest number of users.

In May, the Washington Post reported that D.C. had the highest rate of membership on the site for the third year running and Capitol Hill was the neighborhood with the highest number of new recruits.

Many have made fun of the hack with memes springing up online showing sweating husbands and jubilant divorce lawyers, but there are also serious implications for the revelations.

The French leak monitoring firm CybelAngel said it counted 1,200 email addresses in the data dump with the .sa suffix, suggesting users were connected to Saudi Arabia, where adultery is punishable by death.

One wrote online under the title 'I May Get Stoned to Death for Gay Sex and wrote: 'I am from a country where homosexuality carries the death penalty.

'I BEG you all to spread this message. Perhaps the hackers will take notice of it, and then, I can tell them to (at the very least) exercise discretion in their information dump (i.e. leave the single gay arab guy out of it). As of now, I plan on leaving the Kingdom and never returning once I have the $ for a plane ticket. Though I have no place to go, no real friends, and no job.'




+13


Warning: Impact Team say Ashley Madison members should not have anonymity because they are 'cheating dirtbags' and deserve no such discretion' as they published the data in full



+13


Tongue in cheek: This viral adapts an Ashley Madison advert to reflect the fact that millions of anonymous users are no longer able to keep their membership a secret

Read more: http://www.dailymail.co.uk/news/arti...#ixzz3jRmTsUJ6
Follow us: @MailOnline on Twitter | DailyMail on Facebook

Cheating website subscribers included WH, Congress workers

Aug 20, 4:45 PM (ET)

By JACK GILLUM and TED BRIDIS

WASHINGTON (AP) — Hundreds of U.S. government employees —
including some with sensitive jobs in the White House, Congress and law enforcement agencies — used Internet connections in their federal offices to access and pay membership fees to the cheating website Ashley Madison, The Associated Press has learned.

The AP traced many of the accounts exposed by hackers back to federal workers. They included at least two assistant U.S. attorneys; an information technology administrator in the Executive Office of the President; a division chief, an investigator and a trial attorney in the Justice Department; a government hacker at the Homeland Security Department and another DHS employee who indicated he worked on a U.S. counterterrorism response team.

Few actually paid for their services with their government email accounts. But AP traced their government Internet connections — logged by the website over five years — and reviewed their credit-card transactions to identify them. They included workers at more than two dozen Obama administration agencies, including the departments of State, Defense, Justice, Energy, Treasury, Transportation and Homeland Security. Others came from House or Senate computer networks.

The AP is not naming the government subscribers it found because they are not elected officials or accused of a crime.

Hackers this week released detailed records on millions of people registered with the website one month after the break-in at Ashley Madison's parent company, Toronto-based Avid Life Media Inc. The website — whose slogan is, "Life is short. Have an affair" — is marketed to facilitate extra-marital affairs.

Many federal customers appeared to use non-government email addresses with handles such as "sexlessmarriage," "soontobesingle" or "latinlovers." Some Justice Department employees appeared to use pre-paid credit cards to help preserve their anonymity but connected to the service from their office computers.

"I was doing some things I shouldn't have been doing," a Justice Department investigator told the AP. Asked about the threat of blackmail, the investigator said if prompted he would reveal his actions to his family and employer to prevent it. "I've worked too hard all my life to be a victim of blackmail. That wouldn't happen," he said. He spoke on condition of anonymity because he was deeply embarrassed and not authorized by the government to speak to reporters using his name.

The AP's analysis also found hundreds of transactions associated with Department of Defense networks, either at the Pentagon or from armed services connections elsewhere.

Defense Secretary Ash Carter confirmed the Pentagon was looking into the list of people who used military email addresses. Adultery can be a criminal offense under the Uniform Code of Military Justice.
"I'm aware it," Carter said. "Of course it's an issue because conduct is very important. And we expect good conduct on the part of our people. ... The services are looking into it and as well they should be. Absolutely."

The AP's review was the first to reveal that federal workers used their office systems to access the site, based on their Internet Protocol addresses associated with credit card transactions. It focused on searching for government employees in especially sensitive positions who could perhaps become blackmail targets. The government hacker at the Homeland Security Department, who did not respond to phone or email messages, included photographs of his wife and infant son on his Facebook page.
One assistant U.S. attorney declined through a spokesman to speak to the AP, and another did not return phone or email messages.

A White House spokesman said Thursday he could not immediately comment on the matter. The IT administrator in the White House did not return email messages.

Federal policies vary for employees by agency as to whether they would be permitted during work hours to use websites like Ashley Madison, which could fall under the same category as dating websites. But it raises questions about what personal business is acceptable — and what websites are OK to visit — for government workers on taxpayer time, especially employees who could face blackmail.

The Homeland Security Department rules for use of work computers say the devices should be used for only for official purposes, though "limited personal use is authorized as long as this use does not interfere with official duties or cause degradation of network services." Employees are barred from using government computers to access "inappropriate sites" including those that are "obscene, hateful, harmful, malicious, hostile, threatening, abusive, vulgar, defamatory, profane, or racially, sexually, or ethnically objectionable."

The hackers who took credit for the break-in had accused the website's owners of deceit and incompetence, and said the company refused to bow to their demands to close the site. Avid Life released a statement calling the hackers criminals. It added that law enforcement in both the U.S. and Canada is investigating and declined comment beyond its statement Tuesday that it was investigating the hackers' claims.

http://apnews.myway.com/article/2015...29e9627bf.html
---

Are the hackers going to put all of the cheaters names on the Sex Offenders list in every state now?