Ashley Madison Data Breach

In July 2015, a group calling itself “The Impact Team” stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group copied personal information about the site’s user base and threatened to release users’ names and personally identifying information if Ashley Madison would not immediately shut down. On 18 and 20 August, the group leaked more than 60 gigabytes of company data, including user details.

When and How Was Ashley Madison Hacked

Impact team hacking was responsible for the Ashley Madison breach on July 12, 2015. The employees of Avid Life Media (the parent company for Ashley Madison) logged into the system to find the AC/DC song “Thunderstruck” playing with a threat to shut down the site along with its sister site Established Men or they would release company and customer data. They gave them 30 days to shut things down. Instead, Ashley Madison alerted the authorities and processed an internal investigation. In August of 2015, the hacker group responsible for Ashley Madison leaked all 32 million users’ data, including government, military, and corporate user’s email addresses, IP addresses, home addresses, credit card records, and even deleted users’ accounts.

The First Major Leak

On August 18, after the 30-day ultimatum had elapsed and the websites were still running, the hackers posted “Time’s up” on the dark web together with a BitTorrent tracker file cryptographically signed with a PGP key.

The tracker file was actually a compressed 10 GB file that contained usernames, passwords, home and email addresses, height, weight, sexual fantasies, the last four digits of credit card numbers and even GPS coordinates of millions of users as well as passwords for the site’s Windows domain, and PayPal account details of executives of the company.

The Second Major Leak

The second dump was on August 20, two days after the first. This data dump was quite different from the first in that it mostly contained the company’s internal Data, including a 19GB file of ALM’s CEO Noel Biderman’s emails, and Ashley Madison’s website source code.

The Third Major Leak

The Impact Team served a third-round of dumps. The leaked data included a list of government emails used to create user profiles, mailing addresses, IP addresses, the total amount spent on on-site purchases, and signup dates.

Fallout of the Hack

Users with leaked information were targeted after the cyberattack. Josh Duggar, a reality TV star and Christian YouTube Sam Radar were among those that suffered public disgrace.

Numerous search websites popped up that allowed people to search for the emails of their colleagues or spouses. Some individuals and companies blackmailed users. Others received extortion emails requesting for bitcoin.

Customers of the website also suffered great psychological consequences resulting from the hack. Having to deal with an affair publicly hurt the victims as well as their spouses and children. A good number of those affected sank into depression and anxiety. Tragically, two suicides were traced to the hack, one of a pastor and professor at the New Orleans Baptist Theological Seminary.