back to article Adulterers antsy as 'entire' Ashley Madison databases leak online

Hackers at the Impact Team have apparently carried out their threat to publish the customer databases of Ashley Madison – a hookup website designed for those who want to cheat on their partners. In July, the hackers announced that they had successfully scraped the servers of Ashley Madison, and its sister site Established Men …

  1. Anonymous Coward
    Anonymous Coward

    True - but unlikely

    Mr Cluley is correct that these guys could have inserted some false information, but for the majority of people this would be very unlikely. Firstly, there is nothing in it for them, and secondly that would be too much work.

    I would imagine that most people using these sites would use at least some level of deception (it is an adultery site after all) and use pseudonyms. So, if there is an e-mail address that you recognise, then chances are that the owner was a client.

    1. Drem

      Re: True - but unlikely

      I think that the point was more that someone else could easily have signed you up (including using your email address) without your knowledge, as there were no checks that the email address used was either correct, or belonged to the person opening the account. there may therefore be people who have genuinely never heard of the site, who have been signed up for it, and it looks to all of the world like they did it themselves, rather than someone else did it (as a prank, as part of a stag do, etc.). Here's Graham Cluley on just that - https://grahamcluley.com/2015/07/ashley-madison-fake/

      1. Anonymous Coward
        Anonymous Coward

        Re: True - but unlikely

        So somebody used somebody else's email address, and yet the person who owns the email address, just simply ignored or deleted all of the emails that AM sent them?

        I find that hard to believe...

        1. Drem

          Re: True - but unlikely

          Maybe, but don't forget that prior to the hack, Ashley Madison where charging $19/£15 (I think) to remove account details fully, otherwise they kept your data, even if you closed the account (AFAICT).

          Also, how many of their emails hit spam filters, or where flagged as spam by unsuspecting people who where signed up by others?

        2. Old Handle

          Re: True - but unlikely

          Oddly enough, just yesterday I got a whole bunch of emails from match.com (not quite as scandalous, I know), which I definitely never signed up for.I unsubscribed right away, but I suppose that didn't actually delete the account. So if they ever get hacked my email will be in there.

          1. AegisPrime
            Thumb Down

            Re: True - but unlikely

            I've had this - some slimeball's using your email address for a bogus account (normally to con people) - go to the match.com login page and reset the password - it'll send you the login details and you can close down the account yourself.

          2. Anonymous Coward
            Anonymous Coward

            Re: True - but unlikely

            Oddly enough, just yesterday I got a whole bunch of emails from match.com (not quite as scandalous, I know), which I definitely never signed up for.I unsubscribed right away, but I suppose that didn't actually delete the account. So if they ever get hacked my email will be in there.

            I'd be careful about unsubscribing. I've come across quite a lot of emails of late which were not what they appeared, and in that case, attempts to unsubscribe will only validate your address as live, and thus increase its resale value. You'll end up with *more* junk, not less.

            A friend of mine is presently suffering from an attack that is probably the result of a Yahoo hack as it's using parts of what appears to be her address book to make the email appear valid to others.

            1. Paratrooping Parrot

              Re: True - but unlikely

              I had the same problem with my yahoo email address book. They somehow managed to hack it. Luckily the "iphone user" sent me an email as well. So, I replied without that address to the recipients to warn them not to click.

              I use the Android Yahoo Mail client. I changed the password.

            2. Wzrd1 Silver badge

              Re: True - but unlikely

              As I recall from previous reporting, there were monthly fees collected.

              If they don't store credit card information, *how* do they manage to collect those fees? Telepathy?

              Frankly, this sounds like some malcontent that was given the sack and seeks vengeance.

              His name is known, from temp employee records. Currently, a criminal case is being built upon him.

              The rest is beyond my security clearance level. Some importance is due to military e-mail addresses, which will not be discussed at all.

              Here's an interesting notion, how many names were harvested that are security researchers? I'd expect at least on hundred at least.

              1. g e

                Re: True - but unlikely

                Card co's will let you store a unique token which is associated with a card within the Card Co's sytems so you have not personal card data to hold. That's one way of potentially rebilling without having the card details.

              2. d3vy

                Re: True - but unlikely

                "If they don't store credit card information, *how* do they manage to collect those fees? Telepathy?"

                Several ways really - from Direct debit to Paypal recurring payments - neither of which require them to store the credit card data.

          3. Jedit Silver badge
            Boffin

            "emails from match.com ... which I definitely never signed up for"

            Match.com bought OKCupid a little while ago. If you had a profile there they may be trying to persuade you onto the paid service.

          4. anonymous boring coward Silver badge

            Re: True - but unlikely

            If you unsubscribe when you get an unsolicited email, you verify that the used email address is in use. Which is exacly why the email was sent in the first place. Never do anything except delete email you don't recognise. Certainly don't open them, and most certainly don't load any embededd images etc. Or, worst of all, respond or reply to them.

            1. Anonymous Coward
              Anonymous Coward

              Re: True - but unlikely

              I find the easiest way of reducing SPAM is to set up an automatic reply for unknown addresses with my bank details, credit card details, my date and place of birth, my mothers maiden name, and all my pets names.

              I have yet to get multiple SPAM messages from one sender, although I do get occasional queries about the pronunciation of my name.

              Signed

              Callia Dapolicenow

        3. Anonymous Coward
          Anonymous Coward

          Re: True - but unlikely

          Have you ever gotten email from one of these "hookup" sites - or ANY dating site for that matter? Of course you have. Does that mean you had an account there? Of course not. The messages were spam and you deleted them, maybe even created a filter if they got too obnoxious, and then ignored them.

          So if you ignored them, why do you find it hard to believe that others do the same?

          1. Mike Taylor

            mi.taylor@elsevier.com

            Absolutely - I get loads of emails purporting to be from dating sites, and I spam them. Nothing from "Established Man" though, I guess because I work in IT...

        4. Fred Flintstone Gold badge

          Re: True - but unlikely

          So somebody used somebody else's email address, and yet the person who owns the email address, just simply ignored or deleted all of the emails that AM sent them?

          Well, either they did, or their spam filter. It's not impossible IMHO.

        5. Tom_

          Re: True - but unlikely

          Seriously? What could look more like spam than an email from a dating site you've never heard of?

          1. e^iπ+1=0

            Re: True - but unlikely

            "Seriously? What could look more like spam than an email from a dating site you've never heard of?"

            Um, maybe something like:

            'Investment opportunities

            PPI - you have a case

            Your (Windows) computer is infected with a virus

            ...

            Bootifull ladee want fun time

            I have $100m (one hundered meelion dollas) I must move from maah cuntry. I am happee to pay u a coommiission of ...'

            I think I've been on the receiving end of quite a lot of spam.

            Tyvärr.

            I only really check my spam folder frequently when there's a mail I've been expecting which is overdue. Much of the content therefore goes sadly unread.

        6. This post has been deleted by its author

          1. Anonymous Coward
            Anonymous Coward

            Re: True - but unlikely

            Journalists elsewhere are already gloating that there are 130 .gov.uk email addresses in the database. The fake address information is not making it through.

            http://order-order.com/2015/08/19/government-adulterers-exposed/

            Anon because I don't want to be associated with the GF website.

        7. anonymous boring coward Silver badge

          Re: True - but unlikely

          I delete all email that I don't know what it is without even bothering to open them to have a look. As would probably most people. One just assumes it's yet another fishing attempt.

          So, no, very likely.

        8. Chris Hunt

          Re: True - but unlikely

          Don't you "simply ignore or delete" spam that comes to you? Mail that purports to come from some dubious dating site that you never signed up for sounds pretty spammy to me. I certainly wouldn't have done anything more with it if it had come to me.

        9. Michael Wojcik Silver badge

          Re: True - but unlikely

          So somebody used somebody else's email address, and yet the person who owns the email address, just simply ignored or deleted all of the emails that AM sent them?

          I'd never heard of Ashley Madison before this story broke. If I'd received emails from them they would likely have gone straight to the spam filter.

      2. Anonymous Coward
        Anonymous Coward

        Re: True - but unlikely

        Priming his alibi?

      3. Trigonoceps occipitalis

        Re: True - but unlikely

        "shonky practices"

        Ah, plausible deniability

    2. Anonymous Coward
      Anonymous Coward

      Re: True - but unlikely

      So, if there is an e-mail address that you recognise, then chances are that the owner was a client.

      Really? So someone doing something dodgy is naturally going to use their own day to day email address for this in a world replete with free email accounts? I'm not buying (nor the service, but I digress). I'm also intrigued by the 2 out of 3 hacks (apparently the hackers they left one "service" alone) - that doesn't add up.

      Whether I like this service or not is immaterial, they did give the right answer to blackmail: piss off (or they will be back, and back again, forever). But they should have taken care of their security a lot more - you keep gold like that at least two layers away from a public interface (and even that you strip down to the bare minimum).

      1. Cuddles

        Re: True - but unlikely

        "Really? So someone doing something dodgy is naturally going to use their own day to day email address for this in a world replete with free email accounts?"

        Yes, of course. People are stupid. The vast majority of people will sign up to any and every site using the same email address and same extremely weak password, and they don't suddenly become genius techies just because they're trying to cheat on their partner.

    3. Anonymous Coward
      Anonymous Coward

      Re: True - but unlikely

      Why would anyone trust anything Raja Bhatia has to say on this? He's the founding CTO of a company whose whole business model is based on customers dishonesty. And he's trying to stave off lawsuits and keep the revenue flowing. So of course he's going to say whatever he can to cast doubt on the authenticity of the data dump. The same goes for anything anyone from Avid Life Media or Ashley Madison has to say - they have zero credibility.

    4. Anonymous Coward
      Anonymous Coward

      Re: True - but unlikely

      i've been seeding the dump file at around 50 MB/s all afternoon. fuck 'em.

  2. Dr Scrum Master

    The real issue

    Surely the real issue is continuing to be ignored, namely that Ashley Madison is such an awful name.

    1. Anonymous Coward
      Anonymous Coward

      Re: The real issue

      Ashley Madison is such an awful name.

      Well, not that I'm an expert or anything, but it sounds just like a porn star(let) name to me.

      1. User McUser
        Coat

        Re: The real issue

        sounds just like a porn star(let) name to me.

        So clearly they lived on Madison street, but who names their first pet "Ashley"?

    2. This post has been deleted by its author

    3. Jedit Silver badge

      "Ashley Madison is such an awful name"

      They chose it based on commonality of use. I forget if it was just the two most popular girls names that year or the names most commonly used by women being anonymous, but you could probably Google it.

  3. Mark 85

    Fake accounts or not...

    Cue the divorce lawyers. I'm expecting to see quite a bit of lawyer spam now.

    1. Pascal Monett Silver badge

      Not to mention spam of the "Your name has been found on the list, click here to clear it" kind.

  4. John Tserkezis

    "This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities"

    Sure, the same "freethinking people who choose to engage in fully lawful online activities" are there for the single reason to cheat on their other halves... It is "lawful" after all.

    1. Anonymous Coward
      Anonymous Coward

      "This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities"

      Sure, the same "freethinking people who choose to engage in fully lawful online activities" are there for the single reason to cheat on their other halves... It is "lawful" after all.

      lawful <> morally correct

      Be careful not to have these two mixed up, because you otherwise validate privacy invasion being justified by catching bad guys as well. The hack is criminal, regardless of you liking what this site was doing or not.

    2. h4rm0ny

      >>"Sure, the same "freethinking people who choose to engage in fully lawful online activities" are there for the single reason to cheat on their other halves... It is "lawful" after all."

      Leaving aside all the people who may have signed up just looking for no strings attached sex without actually having a partner to cheat on or before they met someone; and leaving aside all those who may have signed up with their partner's awareness or together; and leaving aside those who signed on just to look at the profiles for solitary gratification or fantasy; and leaving aside all those who thought about it and then didn't go through with it... Well anyway, leaving aside all those people your comment wouldn't apply to but who will still suffer through this, there's the simple fact that two wrongs don't make a right.

      An affair can be painful and damaging enough. What these hackers have done has been to make it far worse for many, many people. Imagine your partner has had an affair. You might deal with that in a variety of ways but very few of them are made better by having your co-workers see your partner's name on a database and announce it. Marriages (or any equivalent) are complicated enough without clear black and whites in many cases. It wasn't these hacker's privilege to get to spread deeply personal information around the world and it's certainly not your position to judge people whose circumstances you don't know for being on this list. This remains a criminal act AND an immoral one on the part of the hackers and they should be caught and dealt with appropriately.

      All other sentiments belong in the Daily Mail.

      1. Mpeler
        Paris Hilton

        two wrongs don't make a right

        Yep, however there is this little thing called "karma", "what goes around comes around", or, from days gone by, "comeuppance". Gives a whole new meaning to a .zip archive (as in, "zip it up").

        As usual, the ones who lose in this case are the kids, who were probably "losing" already, from a family point of view.

        Sad. No winners in this one, except to get people thinking about internet privacy, etc.

        <tinfoil hat> Wonder what (...) is trying to hide? This scandal should distract people.</tinfoil hat>

        Paris. She's looking into it too...

    3. Wzrd1 Silver badge

      John, why, you're absolutely right! Fuck all rule of law, cue in the Sharia courts you desire.

      Either we have law and order or we have mayhem.

      I happen to be exceptionally good in either environment.

      I *prefer* law and order over mayhem, but I can do mayhem.

      So, what do you desire? Law and order or rule of the mob?

      1. Anonymous Coward
        Anonymous Coward

        Can't we have mob rule?

        Sorry, am I confusing matters? :)

      2. Anonymous Coward
        Anonymous Coward

        Well-made point ruined by the ITG silliness that followed...

        "Either we have law and order or we have mayhem. I happen to be exceptionally good in either environment."

        Your ideas are intriguing to me, and I wish to subscribe to your newsletter. :-)

      3. Anonymous Coward
        Anonymous Coward

        >Either we have law and order

        Ok can we try to make it somewhat the same based on your income or color of skin then?

      4. Anonymous Coward
        Anonymous Coward

        Mayhem - your experience is obviously playing GTA5 and the movie in your head.

    4. Yet Another Anonymous coward Silver badge

      It wasn't the cheating that the hackers were objecting to it was AM's blackmail business model.

      They (AM) were charging customers who had closed their accounts a fee to delete the personal data.

  5. Anonymous Coward
    Anonymous Coward

    anon obviously

    Very few people that I know on these sites use their real names or provide any genuine details - most of the time all the "information" that they post is wildly inaccurate. For example - a good looking, 35 yo executive with 280k income weighing 165lbs will be 55 yo, out of work and about 280 lbs and bald.

    And impotent.

    1. Anonymous Coward
      Anonymous Coward

      Re: anon obviously

      Bitter experience?

    2. jonathanb Silver badge

      Re: anon obviously

      If they have card and billing details, they are more likely to be real.

      1. Bloakey1

        Re: anon obviously

        "If they have card and billing details, they are more likely to be real."

        Yes but from what site? Argos or Costco perhaps?

        1. Anonymous Coward
          Anonymous Coward

          Re: anon obviously

          "Yes but from what site? Argos or Costco perhaps?"

          OPM. They acquire *all* information on those to be cleared.

          Which does make interesting and amusing reading.

        2. Version 1.0 Silver badge
          Devil

          Re: anon obviously

          Card details don't mean anything - I don't know about the UK but in the US you have pre-paid cards - like gift cards - that are effectively credit cards for a month or until you spend them.

          I would expect that anyone looking for anonymity would pay for the service via a store bought card to eliminate the paper trail - if they didn't before, I'd bet they will next time.

      2. Anonymous Coward
        Anonymous Coward

        Re: anon obviously

        If they have card and billing details, they are more likely to be real.

        Credit Card numbers have a checksum, which makes it computationally simple to generate valid credit card numbers. Then there exists "corrupt" CC-gateway providers which can be used to check if there is a valid account in the other end - reserve 0.01 USD, if it works, then the CC-number is good.

        When enough numbers are accumulated, do a bulk-sign-on to pr0n site one happens to control. Keep the charges low, below USD 4.00, then it is likely that it will take a while before the charge is noticed - it takes typically 3 months from the charge going on the card and the money arriving in your merchants account - and most credit card issuers have a minimum of 5.00 USD for fraud detection. The pr0n site can draw out the time by claiming that the card-holder signed up for the service.

        In my experience, he fastest (only?) way to get off that scam is to report the card stolen.

    3. Bloakey1

      Re: anon obviously

      "And impotent."

      It sounds like you would need to be very impotent <sic> to be on the VIP web site.

      Who is to say that it is not a load of old rubbish scraped from elsewhere and posted as coming from this kind of site? Someone might be trying to stir up some social perturbation.

      Stand by for viral postings from Twook and Facebitter telling women / men to check if their man / partner is on the site. Job done, social armageddon imminent, but ohh the horror, think of the children.

      Armageddon out of here, toodle pip.

    4. Anonymous Coward
      Anonymous Coward

      Re: anon obviously

      >Very few people that I know on these sites use their real names or provide any genuine details

      First thing you learn about sigint is that it is forever and far more often than people think bits of seemingly unrelated information can be put together with enough time and money. As previously mentioned this is a dream come true for divorce lawyers and private investigators.

  6. Frumious Bandersnatch

    so if I get this right

    the list itself is adulterated? How ironic.

  7. Anonymous Coward
    Anonymous Coward

    Get on board

    surf on over

    bash out a little script

    parse those 9.6GB for email addresses

    publish and

    SHAME ON!

    this one could burn for months, maybe years

    oh, the humanity! fnarr

  8. Medixstiff

    I remember a few years ago now getting a call on my mobile whilst heading to work and the conversation went:

    Sean: Listen GF saw my Oasis Active account was being logged into and I told her it was you seeing what the site was like.

    Me: OK, so what are your login details.

    Sean: Why would you need those?

    Me: Well how else do I prove it was me?

    Sean: Do you really need them?

    Me: Only if she ever asks me to prove it.

    Sean: I'll suspend the account.

  9. heyrick Silver badge

    "a hookup website designed for those who want to cheat on their partners."

    For those account details that are real, I can't help but feel this is some sort of laser guided karma.

    "any freethinking people who choose to engage in fully lawful online activities."

    Typical lawyer seeing a narrow definition that fits their argument. Correct, there likely is no law against using a website to search out somebody else to hook up with, however following through with it is a little less pleasant and lawful and freethinking.

    Or, put it like this, if you found your partner on the list (with valid billing details, not just an email address), exactly how much would you trust them even if they protested innocence? You don't necessarily know that they got off with a girl with bigger tits / bloke with bigger biceps (delete as applicable), but there is enough loss of trust to make the future very uncertain.

    Freethinking? Lawful? I'm just going to call it karma.

    1. Anonymous Coward
      Anonymous Coward

      Karma?

      I don't think that all the schoolchildren who get bullied over this did anything to deserve it.

      Most of the people searching this database will be schoolkids checking out their peers' parents.

      1. Anonymous Coward
        Anonymous Coward

        Re: Karma?

        If only the fathers of these poor bullied schoolchildren had thought of that before they signed up to an adultery webiste hoping to have an affair.

        I'm all for the "duty of society" and so on, but parents (and given the >90% figure it will be the fathers) have duties and responsibilities too. If the consequences of their actions hurt their loved ones, well, perhaps they shouldn't have done it in the first place.

        Now there are already plenty of people thrashing out a plausible-deniability "somebody signed me up without me knowing" defence in the comments, so maybe it will all blow over after all.

        1. h4rm0ny

          Re: Karma?

          >>"I'm all for the "duty of society" and so on, but parents (and given the >90% figure it will be the fathers) have duties and responsibilities too. If the consequences of their actions hurt their loved ones, well, perhaps they shouldn't have done it in the first place."

          When something happens it is a product of all the people who made it happen, not just one of them. If someone cheated on their partner using this site, that is one requirement to be on this list (well, actually can be on it without that but anyway...). But there is also a requirement for these hackers to have publicized the list to make the problem much worse. It seems biased to respond to criticism of these hackers by trying to make being on this public list solely the fault of one party - clearly it is the product of both. It suggests to me you have a desire to blame the one party.

        2. Naselus

          Re: Karma?

          "given the >90% figure it will be the fathers"

          Given the 90% figure, it will mostly have had to be fathers having affairs with other fathers...

          1. Anonymous Coward
            Anonymous Coward

            Re: Karma?

            Given the 90% figure, it will mostly have had to be fathers having affairs with other fathers...

            It also means the 10% of mothers on the site are right old goers to be servicing the 90% of fathers

        3. anonymous boring coward Silver badge

          Re: Karma?

          Bollocks to this.

          Morals shouldn't be imposed on people in a suposedly FREE society.

          Move to an Islamistic state if you want that sort of thing.

          Nuff' of this "moral outrage" sort of crap. Leave that to the two faced tabloids.

          1. Anonymous Coward
            Anonymous Coward

            Re: Karma?

            >Morals shouldn't be imposed on people in a suposedly FREE society.

            No but it would be nice if the majority had them which doesn't seem to be the case anymore.

            1. Anonymous Coward
              Anonymous Coward

              Re: Karma?

              "No but it would be nice if the majority had them which doesn't seem to be the case anymore."

              Whos morals exactly should we use as the bench mark? Westborough Baptist church? Yours? ISIS?

              How about I determine the moral standards by which you need to live for a few months - see how that goes.

              Tit.

            2. anonymous boring coward Silver badge

              Re: Karma?

              Nah, the proportion of "moral" (by your definition) people is most likely just the same now as it has ever been.

              Some people just enjoy feeling morally superior reading about scandals -that's all.

              Well, that's what my liberal views tell me anyway. I'm not a proponent of regulating peoples' lifes beyond actual criminal activities.

      2. Bloakey1

        Re: Karma?

        But my karma will run over your dogma.

        Who is to say it is not all a hoax and the data has been scraped and aggregated from elsewhere?

        Karma my arse.

      3. Andrew Moore
        Coat

        Re: Karma?

        I don't think there are many schoolchildren using Ashley Madison to cheat on their partners...

      4. heyrick Silver badge

        Re: Karma?

        "I don't think that all the schoolchildren who get bullied over this did anything to deserve it."

        Oh, a "think of the children" post.

        At the risk of garnering more downvotes, if a child's parent is on the list, they may well have bigger issues looming than whether or not they'll be bullied at school.

      5. Chris Hunt

        Re: Karma?

        Most of the people searching this database will be schoolkids checking out their peers' parents.

        School bullies clearly have a significantly greater work ethic these days (not to mention a much improved grasp of technology). In my day they just singled out a kid with the wrong hair colour/physique/aptitude for sport/accent/whatever else they chose to pick on, instead of trawling through a 9.6GB database to find potential victims.

        1. Michael Wojcik Silver badge

          Re: Karma?

          In my day they just singled out a kid with the wrong hair colour/physique/aptitude for sport/accent/whatever else they chose to pick on, instead of trawling through a 9.6GB database to find potential victims.

          Damn bullies, stealing my lunch money to pay for their AWS clusters.

          Or that time they made me debug their R code.

    2. Steven Raith

      "Or, put it like this, if you found your partner on the list" then you obviously think it's likely your partner would cheat on you, meaning you already had deep-seated issues of trust in your relationship.

      HTH

      Steven "This is why I'm single*" R

      *actually it's because I'm fat and gobby

  10. fedoraman
    Thumb Down

    Ain't gettin' nuthin here!

    I think that Ashley Madison has just killed their business stone dead, but not because of the lax security. No, its because it appears that "90 - 95% of the users are male". So, either the implied 5 - 10% of female users are *extremely* busy, or - and this seem more likely - most of the blokes on there are very dissatisfied cos they ain't gettin' nuthin'.

    1. Wzrd1 Silver badge

      Re: Ain't gettin' nuthin here!

      "So, either the implied 5 - 10% of female users are *extremely* busy, or - and this seem more likely - most of the blokes on there are very dissatisfied cos they ain't gettin' nuthin'."

      Blather. The reality is, most "hook up" sites are largely male members, variable actual female members, researchers and trolls.

      Based upon my six site research.

      And I'm far from being "on the market". Just doing sexurity research, with my wife looking over my shoulder and laughing, as I was laughing.

      The sexual spectrum is fascinating in diversity, the mistruths phenomenal.

      That said, this particular site was off scope of research. It was more management, off-troll and oddity, due to previously discovered metrics.

      As in >95% male, proclaiming hetero and oddly <5% female, based upon profile profiling and posting research conducted by other researchers.

      Interesting how many desire to dispose of the rule of law and accept anarchy, never realizing that under those conditions, their very lives were in grave danger to anyone annoyed with them.

      1. Pascal Monett Silver badge
        Trollface

        Re: "Based upon my six site research"

        Wouldn't it be funny if all the members of such sites were "sex researchers" ?

        Which, of course, in a way, they are.

        1. Anonymous Coward
          Anonymous Coward

          Re: "Based upon my six site research"

          "Wouldn't it be funny if all the members of such sites were "sex researchers" ?"

          The Dick Emery sketch in which all the Hells Angels turned out to be curates.

        2. Naselus

          Re: "Based upon my six site research"

          "Wouldn't it be funny if all the members of such sites were "sex researchers" ?"

          A brilliant dating site idea - a hookup site for social scientists looking into hookup sites.

      2. Michael Wojcik Silver badge

        Re: Ain't gettin' nuthin here!

        And I'm far from being "on the market". Just doing sexurity research, with my wife looking over my shoulder and laughing, as I was laughing.

        You only sign up for the articles, eh?

        Not that I don't believe someone would peruse dating and "hook up" sites purely for the inherent humor, mind you. I've never bothered, but I've read accounts from people who have used them, and some of them are damn funny. But the qualifications are starting to sound a bit defensive. Less, in this rhetorical situation, is more.

    2. Annihilator
      Holmes

      Re: Ain't gettin' nuthin here!

      "No, its because it appears that "90 - 95% of the users are male". So, either the implied 5 - 10% of female users are *extremely* busy, or - and this seem more likely - most of the blokes on there are very dissatisfied cos they ain't gettin' nuthin'."

      This site, most dating sites, most nightclubs too in my experience... This is the way it's always been!

      Related to the same reason that Take Me Out is structured as 1 guy, 30 women. Were the genders reversed, there would still be 30 eager men with their lights on at the end of each segment.

    3. Dave Stevens

      Re:5 - 10% of female users are *extremely* busy

      My understanding of a "Sugar Daddy Site" is that it's just another form of an escort service. The male users pay for sex.

  11. Anonymous Coward
    Anonymous Coward

    Farside cartoon in here somewhere

    Terry was a fat, greasy unwashed individual with no social maners, he had no luck on Ashley Madison so he decided to play them at their own game.

    Finally he feels he is screwing someone!

  12. Anonymous Coward
    Anonymous Coward

    Whatever the misdemeanor of the people involved there are many more innocent parties who will be absolutely devastated that the "screw you" attitude of this action.

    How terrible it must be to discover that your partner has been unfaithful, but this is made worse by the news being broadcast to you, your friends and associates by nameless persons preaching about it.

    A child's discovery of this information could be extremely damaging.

    If someone had discovered their partner had been unfaithful, they would be able to deal with it in their own way, but this privacy of action has been removed.

    They are as bad as the people who were site members.

    1. Bloakey1

      <snip>

      "They are as bad as the people who were site members."

      Talking of members, are we going to see all those dreadful willy pics that go with this type of account? I for one do not fancy 9.6 gigs of that.

    2. Anonymous Coward
      Anonymous Coward

      "...there are many more innocent parties who will be absolutely devastated that the "screw you" attitude of this action."

      But, you miss the human desire for summary execution, of justice or life.

      For, those yearning to see disaster don't give a troll's fuck for anyone other than their meat sack bones.

      I, me, myself and I are their centers, everyone else gets fuck all. Give them legal reason, they'd kill.

      I've experienced both in my military life, in significant extremes.

      The common root is insisting that *their* morality must reign supreme.

      I offer them one of my more unfortunate war experiences. Offering prize money for the head and hands for a specific terrorist.

      Regrettably, we had DNA on the terrorist.

      50 DNA sets later, we didn't get the bastard.

      Worse, he blew himself up building the next marketplace bomb.

      So, that asshole doesn't care about collateral damages, screw society, as long as *I* get what I want.

      Unfortunately, my my cock-ups were rare. My team and I thrived under those conditions, reversing the Orwellian thinking. Only three ventures haunt my evenings. The remainder is the majority.

      But then, our *minds* were our primary weapons, words secondary, force of arms our very last resort.

      We studies failures a lot, trying to figure out a way around failure.

      I'm going abed now. It's stupid O'clock, I do have to get up in the afternoon.

      1. Pascal Monett Silver badge

        Given your line of work (at the time), I would think that it is rather fortunate that your cock-ups were rare.

  13. Simon Booth

    "If they don't store credit card information, *how* do they manage to collect those fees? Telepathy?"

    They'll use a PSP (Payment Service Provider) - PayPal, Stripe, WorldPay (there are loads) to collect the cash.

    1. Anonymous Coward
      Anonymous Coward

      "They'll use a PSP (Payment Service Provider) - PayPal, Stripe, WorldPay (there are loads) to collect the cash."

      Leaving an account flag data to that PCI information.

      Pwned.

      One thing of interest, confidential information, *seriously* classified information later, at least RBN didn't collect it first.

      RBN is swift upon capitalization of recently available resources.

      Yeah, it's *long* been that way.

      PRC, more gauged.

      I'll kick each back into play when violence is involved.

  14. msknight

    Here's one to consider

    What about partners registering their unsuspecting spouses up in order to bolster a case for divorce?

    I've been involved in supporting a US man who was really dropped in it by his common law wife of 19 years. She planned everything for months, only telling him on the evening before she had some friends coming around to move her gear, and possibly his too, as she called the cops and wanted them to use their 72 hour section powers to take him away because she, "feared violence from him."

    Fortunately, the cops didn't believe her and he managed to stay around to defend some of the stuff that they were trying to take. But there's an entire MGTOW movement (Men Going Their Own Way) because of this behaviour.

    Scheming and manufacturing of evidence to be used against a spouse in a case, is certainly not as improbable as many would casually think.

  15. Nolveys
    Holmes

    Politicians

    I wonder how many politicians are in there. Canada is having a federal election in two months and supposedly 1 in 5 Ottawa residents are in the database, could make things interesting.

    I wonder what the stats are for Washington, DC (after filtering out all of the redundant Clinton accounts).

  16. David Austin

    Security Flack

    I Feel that Ashley Madison have/are getting off way to lightly for their frankly terrible security practices - everyone's focusing on the scandal of the data, or the ethics of the hackers.

    While both of those are interesting points, few are calling Ashley Madison's lax security, which we can do now even without more tech details; not deleting/archiving records, storing credit card details in non-reversable form, and definitely not PCI Compliance.

    1. Bloakey1

      Re: Security Flack

      It appears that Ashley Madison's security was way better than some of the other hacks out there. They were using Bcrypt for example to encrypt passwords.

      I am not seeing enough background chatter to suggest that this is truly genuine.

      1. Hawkeye Pierce

        Re: Security Flack

        Um no, it was shoddy (well OK, technically you may still be right in saying it was "way better" but that shouldn't be taken to mean it was anything approaching good). For instance you could determine whether ANY email address was a registered member (i.e. in their database) at any point in time.

        See http://www.troyhunt.com/2015/07/your-affairs-were-never-discrete-ashley.html

  17. Anonymous Coward
    Anonymous Coward

    > Ashley Madison's founding CTO ... is not convinced this leak is real.

    Surely he can check pretty easily?

  18. BrendHart

    9/10 users are male. Unless you are a homosexual male those odds don't sound like they are worth $!5 a month. That is the real story here.

  19. Jason Bloomberg Silver badge

    Clusterfuck

    I find it hard to know how to feel about it all. There has been wrong done by all parties, legal and/or moral. I find it hard to say anyone is more to blame, more wrong or any better than anyone else, and it seems everyone is going to pay the price in the end as punishing of those wrongs is pursued.

    The only good thing about it all is that it should make an interesting case study for those discussing ethics and morality.

    The real moral of the story is, as it always has been; don't trust others to keep your secrets secret nor expect the outcome to be as you would hope it to be.

  20. a pressbutton

    Not so anonymous

    Guido Fawkes website says there are 130 odd .gov.uk addresses in there ...

    Careless at best.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not so anonymous

      "Guido Fawkes website says there are 130 odd .gov.uk addresses in there "

      He's an Irish guy with a huge chip on his shoulder about the British. I believe him about as much as I would believe the Drudge Report. 130 is far to small to be credible.

  21. Phuq Witt
    Facepalm

    Armchair Warriors

    "...The rest is beyond my security clearance level. Some importance is due to military e-mail addresses, which will not be discussed at all..."

    "...Either we have law and order or we have mayhem. I happen to be exceptionally good in either environment. I *prefer* law and order over mayhem, but I can do mayhem..."

    You are Jake and I claim my ten pounds!

  22. This post has been deleted by its author

  23. Loyal Commenter Silver badge

    'Full' Credit Card Details

    "If there is full credit card data in a dump, it’s not from us, because we don’t even have that," Bhatia added.

    Those sound like weasel words to me. That can (and probably should) be read that they don't hold full CC details. In other words, they may only have the name on the card, card number, expiry date, and cardholders address, but not the CVV code (the 3 digits on the back which retailers are not supposed to store after a payment is processed anyway).

    That's still PLENTY of information and certainly enough to make card-not-present fraudulent transactions against the card.

    For instance, Amazon doesn't ask for the CVV code when using its 'one-click' checkout, instead they absorb the cost of any fraud themselves, trading it off against 'ease-of-use'. Your opinion on whether being able to accidentally click on a button and charge your credit card is 'ease-of-use' may vary...

  24. Anonymous Coward
    Anonymous Coward

    Unlawful != immoral

    Technically laws are a sign of a broken society, especially laws as voluminous as we have now. Again, you'll not like this fact, but it's a fact. Just think about it a bit....no, no, just down-vote...that's easier :) Feel better now?

    1. Burbage

      Re: Unlawful != immoral

      Much better, thanks.

  25. Anonymous Coward
    Anonymous Coward

    Regardless of the criminal aspect or the poor security its still a case of people wanting to dictate and control how other people live their lives.

    This rather contradicts the hackers actions as they have actually stolen information and as we know,theft is illegal !

    I suspect many people joining any dating site alluding to no strings attached meetings will actually be single anyway

  26. ColonelClaw
    Joke

    At a personal level...

    This data breach is so embarrassing for me - because I'm not on it, now everyone can see that I was lying when I said I have loads of affairs

    ...I'll get my coat

  27. Lewis2015

    Amex AVS

    Users who paid with Amex are probably most worried, as the cardholder name forms part of the AVS checks. That's assuming Ashley Madison refused AVS fails of course.

    For Visa and Mastercard you could enter any name in the payment details and the payment will authorise.

    1. Anonymous Coward
      Anonymous Coward

      Re: Amex AVS

      "For Visa and Mastercard you could enter any name in the payment details and the payment will authorise."

      Its been a while since I worked with card data and authorisations but if I remember rightly the name isnt used at all - the only parts that go through for auth are the numeric parts so house number, numeric parts of the postcode and CV2 number.

  28. Anonymous Coward
    Anonymous Coward

    We are forgeting the important part

    I gather that the miscreant was a former IT contractor. Far too many companies hire contractors and hand them the keys with no compunction or checks.

    1. breakfast
      Headmaster

      Re: We are forgeting the important part

      Contractors are usually on fairly strong contracts ( there in the name ) and if it proves to be from an ex-contractor they will have an immediate recourse to law and will be able to sue them to the limits of their finances and then also to the limits of their insurance cover.

      1. Anonymous Coward
        Anonymous Coward

        Re: We are forgeting the important part

        Contractors are usually on fairly strong contracts

        Sure, but, when said contractor is some in-placed dude / dudette allegedly working in India, Pakistan or China ... Good Luck with enforcing that "Strong Contract".

        Place I worked with before had their Chinese "strategic partners" rip the entire code-base and set up a clone of the service. Nothing to be done - except sack 2/3 of the staff to cover the loss on the adventure!

    2. d3vy

      Re: We are forgeting the important part

      "I gather that the miscreant was a former IT contractor. Far too many companies hire contractors and hand them the keys with no compunction or checks."

      Let me guess, disgruntled permie sure that the reason he's not getting a pay rise is that the company hires too many contractors?

      I'd like to see something backing up your claim - anything at all that proves that contractors are less trustworthy than permanent staff... Frankly if your company do any vetting on their staff but not their contractors then there is something wrong - are you sure that the contractors are not being supplied pre-vetted by their agancies etc?

  29. Anonymous Coward
    Anonymous Coward

    Wait, what

    "Find yourself in here? It was ALM that failed you and lied to you.."

    Find yourself in here? so it's a public service for people who simply forgot they were scammed by the possibility of having an affair?

  30. This post has been deleted by its author

  31. x 7

    OK,..........so now I've downloaded the files what do I use to open them?

    Bunch of ".dump" files

    1. Kevin Fairhurst

      Textpad? It's a load of SQL INSERT statements so to do it properly you could roll your own tables together and run the scripts en masse (may take a while!) - whack in a few indexes, slap a gui on the front (with a huge number of banner adverts) and you can offer it up as a "free" way to see if your email address / name / credit card number can be found within the data archive. Just don't keep a record of what searches are made though, right? :)

      (and for reference, amino_member_email.dump contains 120 occurrences of the string gov.uk)

    2. fajensen

      Fire up MySQL and "Import" them!

  32. Gis Bun

    I can see one spouse checking to see if the other spouse was cheating and vice versa.

    already reports that some addresses used are false.

  33. Mike Flugennock
    Thumb Up

    I'm actually thankful to the Impact Team...

    ...for no other reason than that what they did helped bring down a hypocritical little right-wing shitstain named Josh Duggar.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon