The data stolen through the hack of website Ashley Madison has reportedly been released online, with personal information on millions of people now available online.
If the report turns out to be true, 2015 could be the year of relationship troubles, as Ashley Madison is a website for married people looking for affairs.
"We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data," said Ashley Madison in an email to Ars Technica. "We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business."
The information was released in a 10-gigabyte file, and is said to contain emails, profiles, credit-card transactions and a host of other sensitive information about Ashley Madison users. While the file posted does say that it contains information about users on a dating site, it does not specifically mention Ashley Madison.
The leak also provides cryptographically protected passwords, which are protected using the bcrypt hashing algorithm. This particular algorithm takes a large amount of time and computer resources to crack, although it is likely that a number of the passwords will be cracked given how many people use weak passwords. Hashing is when a string of characters is transformed into a key that represents the original string.
"Avid Life Media has failed to take down Ashley Madison and Established Men," said the hackers in an introductory document in the data dump. "We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data."
Assuming the data does, in fact, turn out to be real, people should keep in mind that, at least according to the hackers, the majority of female profiles are fake. Not only that, but it was also possible for anyone to create an account using the name and email of anyone else. What this means is that just because someone's name and email is in the leak, that doesn't necessarily mean that they created an account.
Avid Life Media, owner of the website, has promised users that it has ramped up the security of its system. Of course, this won't help those part of the site before the hack.
The news certainly presents somewhat of a moral dilemma. How far should privacy extend? Should those that potentially are hurting others have access to it?
Via: Ars Technica