Last month a team of hackers called “the Impact Group” had claimed to break into the popular cheating site, Ashley Madison. While millions of users and divorce lawyers waited to see if the group had indeed successfully hacked the Ashley Madison site, the website released a statement claiming there was a hack, but no one had posted any actual user data yet.
To read the full background on the Ashley Madison hack click here.
Everything changed on Tuesday evening, when the Impact Group published a 10 gigabyte file which included names, phone numbers, e-mail addresses and some credit card fragments.
To view a partial list of Ashley Madison emails from this file click here.[embeddoc url=”http://blog.tavorro.com/wp-content/uploads/2015/08/Ashley-Madison-Emails.pdf” download=”all” viewer=”google”]
The Ashley Madison website has yet to confirm that the information is authentic, however, several security researchers have already said that it appears to be valid data. Multiple sites have independently confirmed with actual Ashley Madison users that their names appeared in the leak. Several security researchers have cautioned that Ashley Madison did not validate email addresses. so many of the alleged government emails could be fake. For those people who actually had their information compromised, the consequences could be quite significant. In addition to the potential embarrassment, digital scammers could profit off of the Ashley Madison detailed profiles, which include full names, addresses, partial credit card information and physical details such as height and weight.
How Can I Check to See If My Email is On the Ashley Madison List?
There were 4 sites you could use to check to see if your name or your spouses name appeared on the list. One of the websites, CheckAshleyMadison.com was taken offline on Wednesday after receiving a take-down request from Ashley Madison’s legal team under the Digital Millennial Copyright Act. The Ashley Madison lawyers are using the copyright provision to take down as much of the leaked information as they can. Have I Been Pwned, Trustify and Ashley.cynic.al are all sites you can currently use to check to see if your name is on the list.
Of the three, Ashley.cynic.al is the easiest to use. Ashley.cynic.al was purportedly created by the same person behind the Adobe leaked password checker, and enables visitors to search for email addresses contained within the dump.
Have I Been Pwned, is a site that tracks major data breaches. Unlike the other two sites, Have I Been Pwned will only share data from the Ashley Madison leak with users who can verify their e-mail address with the service. Have I Been Pwned (HIBP) states that their service “will not allow suspicious spouses, nosy co-workers or random curious individuals to see if someone else was an Ashley Madison user. They will only allow the actual user to check if his or her name was included in the leak.”
Trustify, said in a statement that it was also updating its hacked-e-mail search tool to add the Ashley Madison files.
One security researcher, Per Thorsheim, claimed on Twitter to have found active credit card data within the dump and this has since been confirmed.
AM breach: credit card listed in breach is *STILL VALID* and in “daily” use. AMEX/VISA/MC has got work to do now…. cc @DavidGoldmanCNN
— Per Thorsheim (@thorsheim) August 18, 2015
Note: As the Ashley.cynic.al site states, the presence of an email account in the Ashley Madison database does not 100% mean the owner of that email address signed up for an account. In response to some queries, the ashley.cynic.al website tells users that “the email address was not verified by the account owner, so it may not be a genuine account.
Users on sites like Reddit and Twitter have already begun confronting certain people who have appeared on the list published on Tuesday. Divorce lawyers are reporting an increase in calls to their offices. The full impact of this hack will not be known for some time. Hopefully, the Ashley Madison hack will remind everyone that no ‘secrets’ are safe online.