Ashley Madison suffered a breach a number of months ago. The hackers, called “Impact Team,” stated that if Ashley Madison didn’t shut down, they would expose the databases and information hacked from the popular online cheating site. Today it appears that promise came true and Ashley Madison did not buckle or shut down.
The database dump appears to be legitimate and contains usernames, passwords, credit card data (last four), street addresses, full names, and much, much more. It also contains an extensive amount of internal data, which suggests the hackers had maintained access to their environment for a long period of time.
This included a full domain dump of corporate passwords (NTLM hashes) of the Windows domain of the company, PayPal accounts and passwords for the company, internal-only documents, and a ton more. The biggest indicators of legitimacy come from these internal documents, many containing sensitive internal data relating to the server infrastructure, org charts, and more. This is much more problematic, as it’s not just a database dump; this is a full-scale compromise of the entire company’s infrastructure, including the Windows domain and more.
So far, it looks like around 33 million usernames, first names, last names, street addresses, and more are impacted by this breach.
The dump itself – 10 gigs COMPRESSED. For folks that may not know, that is massive. Huge.
Regardless of ethics, this is a massive data breach where attackers had full and maintained access to a large percentage of Ashley Madison’s organization undetected for a long period of time. Ashley Madison has not commented on the original source of the breach, how it occurred, or how they were compromised.
This dump appears to be legit. Very, very legit.
Special thanks to the force team at TrustedSec for their quick analysis. Martin Bos, Justin Elze, Scott White, Adrian Crenshaw, and Dave Kennedy.
Author: David Kennedy