Marital Infidelity Site AshleyMadison Hacked, But Claims No One Should Worry Since It DMCA'd All Leaked Copies
from the wait,-what? dept
As you my have heard by now, on Sunday, online security super reporter Brian Krebs revealed that the infamous "dating site for married people who want to cheat on their spouse," AshleyMadison had its systems hacked, with whoever is responsible claiming to have basically everything. Apparently the site (and a few other similar sites run by the company) had 37 million registered users, many of which are probably a bit more worried about their information leaking publicly than they were a couple days ago.But, no worry, claims the company to a reporter at Wired: it's issued takedowns to everyone who posted the info, so problem solved:
In a followup statement to WIRED from Avid Life Media Monday morning, the company writes that it has used copyright infringement takedown requests to have “all personally identifiable information about our users” deleted from the unnamed websites where it was published.First off, what? Anyone who actually believes that DMCA takedown notices actually stopped this information from being available is probably also busy shipping the contents of his or her bank accounts to friendly princes-in-need across the Atlantic. Second, what? The company has no "copyright" claim in the information in question in the first place, and issuing a copyright/DMCA takedown doesn't make any sense at all, other than in a sort of desperate "please save us!" attempt to not have the company be completely destroyed by this incredible data breach. While perhaps some sites actually took the information down, there is simply no legitimate reason to use a copyright takedown claim to do so.
Meanwhile, others are pointing out that the site already leaked information about who had accounts if you knew what to look for -- and, somewhat ridiculously had bragged about its security in the past. Back in November of last year, after a bunch of celebrity nude photos leaked on the internet, AshleyMadison had a PR person reach out to me (and others) talking up AshleyMadison's privacy and security features:
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cheating, copyright, dmca, hacking, infedility, privacy, takedown
Companies: ashleymadison, avid life media
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Good to know
This raises one question (at least in my probably perverted mind): There are celebs on AM? Interesting...I guess I will open an account who lives in Cali. Or maybe we could all scan for celebs on the site... ok now I kind of hope they do not close and the information is made public, for the lulz of course! Set those scanners to senators!
[ link to this | view in thread ]
Or they can find a way to blackmail judges, juries, prosecutors, attorneys, regulators ...
A site with this kind of intel shouldn't have that much difficulty. The NSA only wishes they had this kind of power ...
[ link to this | view in thread ]
We have a winner, Mike!
The rest of you can just stop commenting, ...go home. Get to know your family again. Make love to your wife. Write that novel you got kicking around in your head....
[ link to this | view in thread ]
OPM database cross referenced to AM database
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: We have a winner, Mike!
[ link to this | view in thread ]
Of course they did! Even the hacker(s) at Impact Team say so in their statement:
"Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this."
[ link to this | view in thread ]
Re: We have a winner, Mike!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
potential culprits
2). angry, vindictive, cheated upon female with mad h@xor skillz. (that may be sexist, but, according today's AMA by a former Avid Life Media employee, it was only angry females who contacted them or showed up at the, guarded, front door in Toronto.
3). moralizing religious hacktivist.
4). opportunistic hacker doing it for the Lulz.
"Avid Life Media runs Ashley Madison, the internet's #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating."
The moralizing, as evidenced in their statement (http://pastebin.com/Kty5xBiv), seems inconsistent. Their main goal is shutting down both the Ashley Madison and Established Men websites. However, they also publish the usertable for Swappernet with the rationale that this was the only site with cleartext passwords contained in the database. So, they are going after swingers, but only partially, and leaving the gay folk alone. The Ashley Madison site also requires females to sign up for this to work at all. The male/female ratio is heavily skewed towards males, especially after deleting the constant influx of bogus female accounts meant to drive traffic to webcam girls. However, that still means there are real females on the site looking for a very discreet affair. One would assume they are cheaters also. Yet, their statement contains this sentence:
"Too bad for those men, they're cheating dirtbags and deserve no such discretion."
What about the cheating dirtbags who are females? That may point to an angry, vindictive female hacker but I am confused by their strategy. They didn't dump the entire Ashley Madison database. They didn't even just dump only the males on that database. They are releasing the details on one account per day until both the Ashley Madison and Established Men sites are shut down. I would think that releasing the data all at once would effectively shut down those websites without the power trip game/drama. This is the main reason I am leaning towards a vengeful insider as the culprit. Their statement includes stuff that appears to be personal:
"Well Trevor [ALM's CTO], welcome to your worst fucking nightmare."
"And it was easy. For a company whose main promise is secrecy, it's like you didn't even try, like you thought you had never pissed anyone off"
Yet, there is the following statement as well.
"Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this."
The tone, and inconsistency, of those two statements reeks of anger and bragging. It certainly does not fit a purely moralizing hacktivist.
Finally, the name "Impact Team" was probably inspired by the recent "Hacking Team" exploits. I can't help but notice though that the acronym is "IT". If, in fact, a former member of ALM's IT department is seeking revenge than ALM probably already has a good idea who it is. Although, like most companies, they will attempt to keep all details secret while reassuring their paid subscribers that everything will soon be OK.
[ link to this | view in thread ]
Can they do that???
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: potential culprits
[ link to this | view in thread ]
How was it done?
[ link to this | view in thread ]
Re: How was it done?
Of course, hacking could have been via security holes in php programming, rather than the OS and server software.
As someone very sceptical of systemd's security, I also wonder if that could be the source of the breakdown.
[ link to this | view in thread ]
Re: Good to know
Where did you get that?
[ link to this | view in thread ]
Re: Re: We have a winner, Mike!
Maybe "make love to your wife before she divorces you".
[ link to this | view in thread ]
Security, Zuma style
[ link to this | view in thread ]
Oh yeah, it sure as hell isn't going to save AM.
[ link to this | view in thread ]
Re: potential culprits
[ link to this | view in thread ]
When lawsuits get filed against the company over lack of basic data security, I wonder how many Officers of the Court will be ethically required to recuse themselves due to their having accounts?
[ link to this | view in thread ]
DMCA takedowns are turning, culturally, into a universal data-suppression tool.
The carpet crawlers heed their callers...
[ link to this | view in thread ]
Re: DMCA takedowns are turning, culturally, into a universal data-suppression tool.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: We have a winner, Mike!
[ link to this | view in thread ]
[ link to this | view in thread ]
Um... that's an express train to a sucky relationship.
My approach has been to try to find people who know themselves, and are willing to be truthful with me from the beginning, even if it means admitting to uncomfortable tendencies, like needing the D from multiple directions. That is a place from which we can negotiate far more easily than the discovery of a betrayal.
Part of it is that infidelity is fun in fantasy. That's why we like to write about it in fiction a lot. If that's what is driving your sweetheart to someplace like Ashley Madison, there may be ways to appeal to the fantasy without having to deal with the consequences of reality.
Of course, if your partner is going to Ashley Madison because you're distrustful and suspicious of him all the time then maybe you weren't compatible from the beginning. Find a guy you can trust.
More generally: Distrust feels degrading even when it's not personal. When a store clerk requires me to entrust my bags with a clerk while browsing, it creates from entering the store a tense environment where customers are presumed to be potential thieves. It's also why discs that have unskippable anti-piracy adverts are distasteful in that they imply the owner (who probably paid for the media themselves) is a media pirate.
Don't DRM your love life. If you cannot trust any man, steer clear of men.
[ link to this | view in thread ]
Re:
Your "all men are pigs" is balanced out by my "all women are crazy." We're even. That's what we've got to work with so go from there.
[ link to this | view in thread ]