Hackers expose Ashley Madison CEO's emails
Posted: Aug 19, 2015 6:41 PM CDT | Updated: Aug 20, 2015 7:02 PM CDT
Now for phase two of the Ashley Madison hack: exposing executives' company emails.
On Thursday, the mysterious hackers who already broke into Ashley Madison and unmasked cheaters (and would-be cheaters) dumped yet another huge load of stolen data.
This time, it included the emails of Noel Biderman. He's the CEO of Avid Life Media, the Canadian company that runs cheating website Ashley Madison and many other dating hubs.
The emails alone are a huge file -- at least 12.7 gigabytes.
Cybersecurity experts started combing through the files Thursday afternoon.
David Kennedy, CEO of cybersecurity firm TrustedSec, told CNNMoney the files include the highly sensitive computer code that powers Ashley Madison's website, making the website more susceptible to future attacks.
\"You're witnessing the destruction of the company,\" he said.
Ashley Madison's parent company did not immediately respond to CNNMoney's questions.
If the exposed contents are anything like last year's Sony Pictures hack, the data may also contain private conversations, internal company secrets and embarrassing details.
In Sony's case, hackers exposed the full inboxes (and outboxes) of Sony Entertainment Chairman Michael Lynton and Sony Pictures Chairwoman Amy Pascal. Thousands of conversations with government officials and Hollywood producers proved embarrassing, revealed dark aspects of the film business, and even cost Pascal her job.
The hackers' latest data dump hints at the depth of the cyberbreach.
The Ashley Madison hackers first exposed data revealing user names, emails, physical addresses, credit card numbers and more. All of that was quickly made easily searchable online. Hackers also revealed internal documents, worker salary data, and what seems to be real passwords to the company's PayPal accounts.
There's no telling how much hackers will expose going forward.
\"This seems to be a complete network compromise,\" said cybersecurity expert Dave Lewis.
The hackers took a jab at the company's CEO. Here's the message they attached to this latest data dump.
\"Hey Noel, you can admit it's real now.\"
-- CNNMoney's Laurie Segall contributed to this report.
(CNN) It was only a matter of time.
The stolen database of 32 million people who used cheating website Ashley Madison has made its way to the Web. And it's easily searchable on several websites.
Just plug in a name or email address, and you'll find out if someone who signed up for the service.
CNNMoney is not linking to these sites directly, but they can be found via regular Web searches -- if you know exactly what to look for.
Usually, hacked data is difficult to reach or sort through. Stolen files are posted on the Dark Web (which requires a special web browser called Tor). And they're traded on file-sharing platforms (which also requires special software and clicking on dubious downloads).
But now anyone can check if his or her spouse was cheating -- just by filling out a form.
Someone has even created a custom Google Map that displays some of AshleyMadison.com users' addresses registered with the website.
Some people were idiotic enough to sign up using company and government work email addresses, making them especially easy to positively identify. Our quick review found 6,904 addresses linked to the Canadian and American governments, plus another 7,239 in the U.S. Army, 3,531 in the Navy, 1,114 Marines and 628 in the Air Force.
But it's difficult to verify the accuracy of these searching tools. But at least one tool, which searches by email address, returns accurate results. CNNMoney verified this by plugging in email addresses of users it has independently verified.
The danger of being exposed is real.
Many of the cheaters exposed in this hack serve in the U.S. military, evident because they used email addresses that end in the .mil domain. Adultery does, in fact, violate Uniform Code of Military Justice. It's a prosecutable offense that can land you a year in confinement and a dishonorable discharge.
What about people who used Ashley Madison to engage in gay affairs? The website's users were worldwide, and there are 79 countries where homosexuality is illegal. In Afghanistan, Iran, Mauritania, Nigeria, Qatar, Saudi Arabia and the United Arab Emirates, the punishment is death.
A quick search of a small subset of Ashley Madison users listed two in the United Arab Emirates. Their addresses are most likely legitimate, because they were tied to the credit card they used to pay for the service, according to one computer researcher.
This is what Tim Cook was talking about earlier this year when he said we don't live in a post-privacy world. Absolute privacy of data still matters.
The Ashley Madison hack includes customer names, credit card data, physical addresses and sexual preferences. Some users were smart enough to use fake names. But financial data is legitimate. And in total, the data makes it easy to hunt someone down.
This information is incredibly revealing. For example, the database shows if a person was listed as a married \"male seeking male\" with a \"someone I can teach\" sexual fantasy looking for a \"boy next door.\" Or an \"attached female seeking male\" with a \"spanking\" fantasy seeking \"a Don Juan.\"
The listed sexual fantasies range from master/slave relationships to cross dressing and exhibitionism.
This hack proves that you need to exercise extreme caution if you're going to share your deepest, darkest secrets. Using your real name or payment information is a hazard. No website is impenetrable. Few websites practice good security standards. Even major American banks use second-rate security.
AshleyMadison.com had it even worse. As a hive of cheaters, it has long been the antagonist of betrayed spouses. It was an inevitable target for hackers. And the company behind the website, Avid Life Media, knew it couldn't protect user data.
That's why, in the fine print, Ashley Madison says, \"We cannot ensure the security or privacy of information you provide through the Internet.\" Compare that to the lofty promise it makes on the website front door for \"100% discreet service.\"