FROM THE WEB: What Is Actually Inside The Ashley Madison Data Dump


Security companies and data analysts have been keen to study the content of the stolen Ashley Madison files, which were dumped online by hackers yesterday.

Following the data release, many companies have launched investigations to try and establish details about the leaked information, which threatens to expose 32m users of the infidelity site.

And one investigator has documented his findings in a blog post.

Written by Eric Cabetas for application security consulting company Include Security, the blog offers an “honest holistic forensic analysis and minimal statistical analysis of the data found within the leak.”

Cabetas outlines the multiple stages to the process of tracking down and analysis of the data, including grabbing the initial leak from the Dark Web, file extraction and evidence gathering.

Speaking about the data analysis, Cabetas notes: “The attackers seemed of have leaked everything they promised on August 18th 2015 including: full database of user data, emails, internal ALM documents, as well as a limited number of user passwords.”

The blog lists the names of many stolen files uncovered in the meta-data analysis, and confirms that out of the 765,607 records in this database export, only four have a blank password.

Cabetas adds: “Sadly within the file we see user passwords are in clear text which is always a bad security practice.”

Check out the full post here.