HACKING
image

Cybersecurity

Thousands of Hongkongers outed: Ashley Madison members brace for fallout from hacked data of 37 million users

PUBLISHED : Thursday, 20 August, 2015, 11:34am
UPDATED : Thursday, 20 August, 2015, 2:37pm

Users of Ashley Madison, the pro-infidelity dating website, are at risk of being outed after hackers dumped details of around 37 million accounts online.

An examination of the hacked data by the South China Morning Post unearthed thousands of '.hk' email addresses, including official government accounts. Credit card, home addresses and telephone numbers, and even user sexual preferences are also included in the leak.

While Avid Life Media, Ashley Madison's parent company, has not officially confirmed the authenticity of the leak, several leading security experts have vouched for it.

READ MORE: Ashley Madison hackers publish data on cheating site, '.gov.hk' emails spotted among Hong Kong user details

Brian Krebs, a cybersecurity researcher who broke the news of the original hack, was initially skeptical about the leaked data published this week.

However, in an update posted to his blog on Wednesday night, he wrote that "there is every indication this dump is the real deal".

"I've now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database," Krebs wrote.

The Post independently confirmed that a number of email addresses used in the past to register accounts with Ashley Madison appeared in the leak.

WATCH: Owner of cheating website Ashley Madison confirms data leak

The data is still in fairly raw form, requiring a degree of technical expertise to access and analyse. However, information on hundreds of individual users has already been posted to Twitter, and is being freely shared on forums such as 4Chan and 8Chan.

It would not take a great deal of work to create a search engine to allow anyone to sift through the data, similar to that launched by Wikileaks in the wake of a massive leak from Italian cyber-espionage firm Hacking Team.

"There appear to be ongoing attempts to make the data much more easily available," according to internet media commentator John Hermann.

"It seems very likely that there will be a way for curious, non-technically-inclined people to search for the names of friends, spouses, partners, or anyone else very soon."

Troy Hunt, a security researcher who operates the website Have I Been Pwned, which allows people to check whether their emails are being traded by cyber criminals, has updated his service to include the Ashley Madison data.

Hunt's system is fairly secure and requires users to sign-up for notifications that they are affected personally by the hack, preventing members of the public searching for emails registered with Ashley Madison, but others may not be so scrupulous.

What's in the leaked data?

  • Account creation and last updated date
  • Membership type (paid, free, etc)
  • First and last name
  • Username
  • Street address
  • Phone number(s)
  • Date of birth
  • Gender (around 27 million male and 4.4 female identified accounts were included in the leak, a 6:1 ratio)
  • Profile tagline ("Young at heart seeking a mature lover", "nobody licks you better")
  • Weight and height
  • Ethnicity
  • Occupation
  • Security question(s)

Are you an Ashley Madison member affected by the hack? Email james.griffiths@scmp.com