The Ashley Madison hackers have just released another, even larger, batch of data that takes aim at the company’s executives and CEO.
The file is a massive 18GB, which is almost double the 9.7GB (compressed) dump they leaked earlier this week.
The new release seems to be a reaction to Noel Biderman, the CEO of Avid Life Media, not admitting that the initial data dump was legitimate.
The latest collection of data comes with a note from the hackers saying: “Hey Noel, you can admit it’s real now.”
It was posted by The Impact Team on the same Deep Web site that the previous data collection was released on.
While the previous data was focused on the users of Ashley Madison, while also containing some sensitive company information, the new dump seems specifically targeted at the company and its executives.
One of the files in the dump, which security researchers are now pouring over, is named “noel.biderman.mailZz”.
Other files include “avid.tgz”, “design.tgz”, “dev.tgz”, “mobile.tgz” and “product.tgz”.
The founder and security consultant at TrustedSec, Dave Kennedy, told Reuters the release seems to be authentic.
Looks a lot more than emails, possibly source code for the websites including mobile app, dev, etc.
– Dave Kennedy (ReL1K) (@HackingDave) August 20, 2015
However, early reports say the majority of the data is source code and backend information for Avid Life Media’s various sites.
And it also seems as if Noel Biderman’s email file is corrupted, as a number of early attempts to open the file have not worked.
several sources have reported that Noel Biderman’s inbox in the new AshMad dump today is a 13 gb corrupted file.
– briankrebs (@briankrebs) August 21, 2015
Of course, the hackers may well release an uncorrupted version of the file in the coming days.
And although the latest hack seems to be because Avid Life Media did not fully admit to the leak, in their latest statement, the company confirms the data dump is real:
“We are aware of the reports that criminals have stolen proprietary company files from Avid Life Media (ALM) and are disseminating them online.
“We are working with law enforcement, including the U.S. Federal Bureau of Investigation (FBI), the Royal Canadian Mounted Police (RCMP), the Ontario Provincial Police (OPP), and the Toronto Police Services (TPS) to determine who is behind this criminal activity.”
The company also appealed for legal and individual rights not to be threatened by “outside interference, vigilantism, selective moralising and judgment.”
When the initial leak was reported, researcher Brian Krebs interviewed Raja Bhatia, Ashley Madison’s CTO, who said: “On a daily basis, we’re seeing 30 to 80 different claimed dumps come online, and most of these dumps are entirely fake and being used by other organisations to capture the attention that’s been built up through this release.”
Because of this, Krebs said the initial dump may not be real, but after investigating further, reversed his position after some reliable contacts confirmed their leaked credit card details were accurate.
I’m sure there are millions of AshleyMadison users who wish it weren’t so, but there is every indication this dump is the real deal.
— briankrebs (@briankrebs) August 19, 2015
Since the first leak happened, we have started to see its impact regarding named users, with the US defence secretary Ash Carter saying they were investigating the thousands of .mil email addresses leaked in the dump, because adultery in the military is a prosecutable offence.
In addition to this, reality show star Josh Duggar, whose email address was found on the site, admitted to having a profile, saying: “I have been the biggest hypocrite ever”.
After the initial reports of the hack last month, Noel Biderman told Brian Krebs the breach seemed like an inside job, done by someone with complete access to their system.
Krebs said: “Early on, when I broke this story a month ago today, the CEO confirmed that they’d been hacked and he seemed pretty convinced it was somebody who had legitimate access to their network at some point and they had strong suspicions about who that person might be.”
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
Here is the most recent statement from Avid Life Media in full:
“We are aware of the reports that criminals have stolen proprietary company files from Avid Life Media (ALM) and are disseminating them online. We are working with law enforcement, including the U.S. Federal Bureau of Investigation (FBI), the Royal Canadian Mounted Police (RCMP), the Ontario Provincial Police (OPP), and the Toronto Police Services (TPS) to determine who is behind this criminal activity.
“Regardless of the nature of the content, our customers, this company, and its employees are all exercising their legal and individual rights, and all deserve the ability to do so unhindered by outside interference, vigilantism, selective moralizing and judgment. The individual or individuals who are responsible for this straightforward case of theft should be held accountable to the fullest extent of international law.
“As for the operations of Avid Life Media, we continue to devote significant resources to our security protocols and systems and we continue to support our customers around the world.”
More on the story as it develops.