E-mails sent by the founder of infidelity Web site AshleyMadison.com appear to have been exposed in a second, larger release of data stolen from its parent company, Avid Life Media, cyber security experts confirmed yesterday.
The data dump by cyber criminals who have attacked the site appears to include e-mail messages linked to Noel Biderman, founder and CEO of the Toronto-based media company.
In a message accompanying the release, the criminals said: "Hey Noel, you can admit it's real now." This appeared to be a riposte to the company's initial response to Tuesday's dump that the data may not be authentic.
The earlier dump exposed millions of e-mail addresses for customers of Ashley Madison (whose tagline is "Life is short. Have an affair"), including for US government officials, UK civil servants and high-level executives at European and North American corporations.
The US Defense Department and Postal Service are also investigating the alleged use of military and other government e-mail accounts on the site.
Former reality TV star and family values campaigner Josh Duggar admitting to cheating on his wife after reports he had subscribed to the site.
The criminals object to the site's business practices, specifically a "paid delete" option that allows people to pay to remove all their information but, they say, does not actually do that.
David Kennedy, founder and security consultant at TrustedSec, said the fresh release appears to be authentic. "Everything appears to be legit," he said in an e-mail. "We have portions downloaded and it's confirmed legitimate thus far."
A report in Vice Media's online technology site Motherboard, which first reported the new data dump, said the release bore the same fingerprints as Tuesday's release.
The additional release will likely increase pressure on Avid Life, which has been quiet about exactly how much and what sort of data was stolen in a breach in July.
The company, which also owns niche dating Web sites CougarLife.com and EstablishedMen.com, did not immediately respond to requests for comment.
"These guys are very diligent about not being caught," said Erik Cabetas, managing partner of Include Security, who has done forensic work on the initial dump.
The release includes source code for the Web site as well as smartphone apps and proprietary company data, he added. The availability of the source code could allow other hackers to set up a similar site or find and exploit vulnerabilities on the actual site, which is still operating.
The 20GB data dump reported on Thursday would be roughly double the size of the earlier one.
Despite the negative publicity surrounding the cyber attack, demand for Ashley Madison's services has been steady since the data breach was first announced in July, said Mark Brooks, CEO of Internet dating consultancy Courtland Brooks.
"I would have thought this would be a death knell for that company because their entire business basis is privacy," Brooks said. "It just goes to say that all press is good press...The awareness of the brand is through the roof."
US military, postal service probes
The data release could have severe consequences for US service members. Several tech Web sites reported more than 15 000 e-mail addresses were government and military ones.
The Pentagon said it was aware of reports that military e-mail addresses were among those posted earlier in the week.
Defense secretary Ash Carter told a Pentagon news conference that different service branches were looking into the matter.
"I'm aware of it. Of course it's an issue because conduct is very important. We expect good conduct on the part of our people," Carter said. "The services are looking into it, as well they should be, absolutely."
The US Postal Service and its internal watchdog also plan to review whether some of the agency's employees may have violated federal policies by using their government e-mail on the infidelity site.
Share