Ashley Madison data breach

Last updated

In July 2015, an unknown person or group calling itself "The Impact Team" announced they had stolen the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The hacker(s) copied personal information about the site's user base and threatened to release users' names and personal identifying information if Ashley Madison would not immediately shut down. As evidence of the seriousness of the threat, the personal information of about more than 2,500 users was initially released. The company initially denied that their records were insecure, and continued to operate.

Contents

Because of the site's lack of adequate security and practice of not deleting users' personal information from its database – including real names, home addresses, search history and credit card transaction records – many users feared being publicly shamed. [1]

On 18 and 20 August, more than 60 gigabytes of company data was publicly released, including user details. The released data even included personal information about users who had paid the site to delete their personal information, since the company had not deleted the data that they claimed to have erased.

Timeline

The Impact Team announced the attack on 19 July 2015 and threatened to expose the identities of Ashley Madison's users if its parent company, Avid Life Media, did not shut down Ashley Madison and its sister site, "Established Men". [2]

On 20 July 2015, the Ashley Madison website put up three statements under its "Media" section addressing the breach. The website's normally busy Twitter account fell silent apart from posting the press statements. [3] One statement read:

At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber-terrorism will be held responsible. Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online. [4]

The site also offered to waive its account deletion charge.

More than 2,500 customer records were released by "The Impact Team" on 21 July, but the company initially denied the claim that its main database was insecure and had been hacked. [5] However, more than 60 gigabytes of additional data was released on 18 August and was confirmed to be valid. [6] The information was released on BitTorrent in the form of a 10 gigabyte compressed archive and the link to it was posted on a dark web site only accessible via the anonymity network Tor. [7] The data was cryptographically signed [8] with a PGP key. In its message, the group blamed Avid Life Media, accusing the company of deceptive practices: "We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data ... Too bad for ALM, you promised secrecy but didn't deliver." [9]

In response, Avid Life Media released a statement that the company was working with authorities to investigate, and said the hackers were not "hacktivists" but criminals. [10] A second, larger, data dump occurred on 20 August 2015, the largest file of which comprised 12.7 gigabytes of corporate emails, including those of Noel Biderman, the CEO of Avid Life Media. [11]

In July 2017, Avid Life Media (renamed Ruby Corporation) agreed to settle two dozen lawsuits stemming from the breach for $11.2 million. [12] [13]

Impact and ethics

None of the accounts on the website need email verification for the profile to be created, meaning that people often create profiles with fake email addresses. Ashley Madison's company required the owner of the email account to pay money to delete the profile, preventing people who had accounts set up without their consent (as a prank or mistyped email) from deleting them without paying. [14] Hackers allege that Avid Life Media received $1.7 million a year from people paying to shut down user profiles created on the site. The company falsely asserted that paying them would "fully delete" the profiles, which the hack proved was untrue. [14]

Josh Duggar, a 27-year-old man who had become famous as a teenage member of a conservative Christian family featured on a reality television series named 19 Kids and Counting , was one notable user of Ashley Madison whose data was breached. The released data included records of nearly $1,000 of transactions on a credit card account in his name. The news of the data release compounded his problems with revelations earlier that year about police reports of his sexual misconduct, and on August 20 he admitted he had been unfaithful to his wife. [15] [16] The data breach had quickly followed the release of a past police report alleging that he had fondled five underaged girls, including a few of his own sisters. On August 25, he checked himself into a rehabilitation center. [17] [18] [19]

Following the hack, communities of internet vigilantes began combing through to find famous individuals, whom they planned to publicly humiliate. [20] France24 reported that 1,200 Saudi Arabian '.sa' email addresses were in the leaked database, which were further extortionable due to the fact that adultery is punishable via death in Saudi Arabia. [21] Several thousand U.S. .mil and .gov email addresses were registered on the site. [22] [23] [24] In the days following the breach, extortionists began targeting people whose details were included in the leak, attempting to scam over US$200 worth of Bitcoins from them. [25] [26] [27] One company started offering a "search engine" where people could type email addresses of colleagues or their spouse into the website, and if the email address was on the database leak, then the company would send them letters threatening that their details were to be exposed unless they paid money to the company. [28] [29]

A variety of security researchers and internet privacy activists debated the media ethics of journalists reporting on the specifics of the data, such as the names of users revealed to be members. [20] [30] [31] [32] A number of commentators compared the hack to the loss of privacy during the 2014 celebrity photo hack. [33] [34]

Clinical psychologists argued that dealing with an affair in a particularly public way increases the hurt for spouses and children. [35] Carolyn Gregoire argued that "Social media has created an aggressive culture of public shaming in which individuals take it upon themselves to inflict psychological damage" and that more often than not, "the punishment goes beyond the scope of the crime." [35] Graham Cluley argued that the psychological consequences for people shamed could be immense, and that it would be possible for some to be bullied into suicide. [36] [37] Charles J. Orlando, who had joined the site to conduct research on women who cheat, wrote of his concern for the spouses and children of outed cheaters, saying that "the mob that is the Internet is more than willing to serve as judge, jury, and executioner" and that site members did not deserve "a flogging in the virtual town square with millions of onlookers". [38]

On 24 August 2015, Toronto police announced that two unconfirmed suicides had been linked to the data breach, in addition to "reports of hate crimes connected to the hack". [39] [40] Unconfirmed reports say a man in the U.S. died by suicide. [28] At least one suicide, which was previously linked to Ashley Madison, has since been reported as being due to "stress entirely related to issues at work that had no connection to the data leak". [41] The same day, a pastor and professor at the New Orleans Baptist Theological Seminary killed himself citing the leak that had occurred six days before. [42]

Users whose details were leaked filed a $567 million class-action lawsuit against Avid Dating Life and Avid Media, the owners of Ashley Madison, through Canadian law firms Charney Lawyers and Sutts, Strosberg LLP. [43] In July 2017, the owner of Ruby Corp. announced the company would settle the lawsuit for $11.2 million. [44] In a 2019 interview, Ashley Madison's chief strategy officer Paul Keable confirmed the installment of security features like two-factor verification, PCI compliance and fully-encrypted browsing as a consequence of the hacker attack from 2015. [45]

Data analysis

Annalee Newitz, editor-in-chief of Gizmodo , analyzed the leaked data. [46] They initially found that only roughly 12,000 of the 5.5 million registered female accounts were used on a regular basis, about 0.2%. [47] [48] The vast majority of accounts had only been used only one time, the day they were registered. Newitz also found that a very high number of the women's accounts were created from the same IP address, suggesting there were many fake accounts. They found women checked email messages very infrequently: for every 1 time a woman checked her email, 13,585 men checked theirs. Only 9,700 of the 5 million female account had ever replied to a message, compared to the 5.9 million men who would do the same. They concluded that, "The women's accounts show so little activity that they might as well not be there." [47] In a subsequent article the following week Newitz acknowledged that they had "misunderstood the evidence" in their previous article, and that their conclusion that there were few females active on the site had actually been based on data recording "bot" activities in contacting members. They note that "we have absolutely no data recording human activity at all in the Ashley Madison database dump from Impact Team. All we can see is when fake humans contacted real ones." They noted that the site seemed to keep track of human to human contact, but that this data had not been released by the Impact Team. [49]

Passwords on the live site were hashed using the bcrypt algorithm. [50] [51] A security analyst using the Hashcat password recovery tool with a dictionary based on the RockYou passwords found that among the 4,000 passwords that were the easiest to crack, "123456" and "password" were the most commonly used passwords on the live website. An analysis of old passwords used on an archived version showed that "123456" and "password" were the most commonly used passwords. [52] Due to a design error where passwords were also hashed separately with the insecure algorithm MD5, 11 million passwords were eventually cracked. [53]

While acknowledging that some men had detected the ruse, staff writer Claire Brownell of the Financial Post suggested that if only a few interactions were conducted, the Turing test could possibly be passed by the women-imitating chatbots that had fooled many men into buying special accounts. [54]

See also

Related Research Articles

In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. Another type of approach is password spraying, which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.

<span class="mw-page-title-main">Yahoo! Mail</span> American email service

Yahoo! Mail is an email service offered by the American company Yahoo, Inc. The service is free for personal use, with an optional monthly fee for additional features. Business email was previously available with the Yahoo! Small Business brand, before it transitioned to Verizon Small Business Essentials in early 2022. Launched on October 8, 1997, as of January 2020, Yahoo! Mail has 225 million users.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".

LastPass is a password manager application owned by GoTo. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones. It also includes support for bookmarklets.

Ashley Madison, or The Ashley Madison Agency, is a Canadian online dating service and social networking service. It was launched in 2002 and marketed to people who are married who are looking for affairs. The website's slogan is "Life is short. Have an affair."

<span class="mw-page-title-main">Noel Biderman</span> Canadian internet entrepreneur and business marketing specialist

Noel Biderman is a Canadian internet entrepreneur and business marketing specialist. Biderman has occupied roles as corporate President, CEO, COO and International Lead for businesses that have operated in 58 countries. Biderman is the former CEO of Avid Life Media and was the Chief Executive of parent company Ashley Madison. He is the CEO of Avenue insights, member of board of directors at Flowr Corporation and chief marketing officer of Bitbuy.

The 2012 LinkedIn hack refers to the computer hacking of LinkedIn on June 5, 2012. Passwords for nearly 6.5 million user accounts were stolen. Yevgeniy Nikulin was convicted of the crime and sentenced to 88 months in prison.

<span class="mw-page-title-main">NullCrew</span>

NullCrew was a hacktivist group founded in 2012 that took responsibility for multiple high-profile computer attacks against corporations, educational institutions, and government agencies.

HackingTeam was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that they have the ability to disable their software if it is used unethically. The Italian government has restricted their licence to do business with countries outside Europe.

On August 31, 2014, a collection of nearly five hundred private pictures of various celebrities, mostly women, with many containing nudity, were posted on the imageboard 4chan, and swiftly disseminated by other users on websites and social networks such as Imgur and Reddit. The leak was dubbed "The Fappening" or "Celebgate" by the public. The images were initially believed to have been obtained via a breach of Apple's cloud services suite iCloud, or a security issue in the iCloud API which allowed them to make unlimited attempts at guessing victims' passwords. Apple claimed in a press release that access was gained via spear phishing attacks.

<span class="mw-page-title-main">Have I Been Pwned?</span> Consumer security website and email alert system

Have I Been Pwned? is a website that allows Internet users to check whether their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts, and allows users to search for their own information by entering their username or email address. Users can also sign up to be notified if their email address appears in future dumps. The site has been widely touted as a valuable resource for Internet users wishing to protect their own security and privacy. Have I Been Pwned? was created by security expert Troy Hunt on 4 December 2013.

<span class="mw-page-title-main">Troy Hunt</span> Australian web security expert

Troy Adam Hunt is an Australian web security consultant known for public education and outreach on security topics. He created and operates Have I Been Pwned?, a data breach search website that allows users to see if their personal information has been compromised. He has also authored several popular security-related courses on Pluralsight, and regularly presents keynotes and workshops on security topics. He created ASafaWeb, a tool that formerly performed automated security analysis on ASP.NET websites.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

The Internet service company Yahoo! was subjected to the largest data breach on record. Two major data breaches of user account data to hackers were revealed during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo! user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.

Criticism of Dropbox, an American company specializing in cloud storage and file synchronization and their flagship service of the same name, centers around various forms of security and privacy controversies. Issues include a June 2011 authentication problem that let accounts be accessed for several hours without passwords; a July 2011 privacy policy update with language suggesting Dropbox had ownership of users' data; concerns about Dropbox employee access to users' information; July 2012 email spam with reoccurrence in February 2013; leaked government documents in June 2013 with information that Dropbox was being considered for inclusion in the National Security Agency's PRISM surveillance program; a July 2014 comment from NSA whistleblower Edward Snowden criticizing Dropbox's encryption; the leak of 68 million account passwords on the Internet in August 2016; and a January 2017 accidental data restoration incident where years-old supposedly deleted files reappeared in users' accounts.

Nulled is an online cracking forum.

ShinyHunters is a black-hat criminal hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

References

  1. Thomsen, Simon (20 July 2015). "Extramarital affair website Ashley Madison has been hacked and attackers are threatening to leak data online". Business Insider . Archived from the original on 14 April 2021. Retrieved 21 July 2015.
  2. "Online Cheating Site AshleyMadison Hacked". krebsonsecurity.com. 15 July 2015. Archived from the original on 16 December 2021. Retrieved 20 July 2015.
  3. "Ashley Madison". Twitter . Archived from the original on 19 August 2015. Retrieved 20 August 2015.
  4. Ashley Madison (20 July 2015). "Statement from Avid Life Media, Inc". Archived from the original on 21 July 2015. Retrieved 22 July 2015.
  5. Hern, Alex (21 July 2015). "Ashley Madison customer service in meltdown as site battles hack fallout". The Guardian . Archived from the original on 1 March 2017. Retrieved 14 December 2016.
  6. "Ashley Madison condemns attack as experts say hacked database is real". The Guardian . 19 August 2015. Archived from the original on 26 March 2016. Retrieved 19 August 2015.
  7. Hern, Alex (20 August 2015). "Ashley Madison hack: your questions answered". The Guardian . Archived from the original on 2 March 2017. Retrieved 14 December 2016.
  8. "No, You Can't Hire A Hacker To Erase You From The Ashley Madison Leak". Fast Company. 20 August 2015. Archived from the original on 20 August 2015. Retrieved 21 August 2015.
  9. "Hackers Finally Post Stolen Ashley Madison Data". WIRED. 18 August 2015. Retrieved 19 August 2015.
  10. "Statement from Avid Life Media Inc. – August 18, 2015". Ashley Madison. 18 August 2015. Archived from the original on 19 August 2015. Retrieved 19 August 2015.
  11. Pagliery, Jose (20 August 2015). "Hackers expose Ashley Madison CEO's emails". CNN Business . Archived from the original on 28 March 2022. Retrieved 2 August 2020.
  12. Kravets, David (17 July 2017). "Lawyers score big in settlement for Ashley Madison cheating site data breach". Ars Technica. Archived from the original on 19 July 2017. Retrieved 19 July 2017.
  13. Ruby Life Inc. (14 July 2017). "Ruby Corp and Plaintiffs Reach Proposed Settlement of Class Action Lawsuit Regarding Ashley Madison Data Breach". PR Newswire (Press release). Retrieved 19 July 2017.
  14. 1 2 "Some Dude Created an Ashley Madison Account Linked to My Gmail, and All I Got Was This Lousy Extortion Screen". The Intercept. 21 July 2015. Archived from the original on 22 August 2015. Retrieved 24 August 2015.
  15. Ford, Dana (August 20, 2015). "Josh Duggar after Ashley Madison hack: 'I have been the biggest hypocrite ever'". CNN . Archived from the original on August 20, 2015. Retrieved August 20, 2015.
  16. Remling, Amanda (20 August 2015). "'19 Kids And Counting' Star Josh Duggar Admits He Was Unfaithful To Wife Anna After Ashley Madison Leak". International Business Times . Archived from the original on 20 August 2015. Retrieved 20 August 2015.
  17. Puente, Maria (August 26, 2015). "Josh Duggar checks into rehab, family says". USA Today . Archived from the original on May 19, 2018. Retrieved August 22, 2017.
  18. Larimer, Sarah (August 26, 2015). "Josh Duggar enters 'long-term treatment center' following 'wrong choices'". The Washington Post . Archived from the original on May 19, 2018. Retrieved August 22, 2017.
  19. Leopold, Todd (August 26, 2015). "Josh Duggar enters rehab, family says". CNN . Archived from the original on August 30, 2015. Retrieved August 26, 2015.
  20. 1 2 "Early Notes on the Ashley Madison Hack". The Awl. Archived from the original on 21 August 2015. Retrieved 20 August 2015.
  21. "Americas - The global fallout of the Ashley Madison hack". France 24. 20 August 2015. Archived from the original on 23 August 2015. Retrieved 24 August 2015.
  22. Gibbons-Neff, Thomas (19 August 2015). "Thousands of .mil addresses potentially leaked in Ashley Madison hack". The Washington Post . Archived from the original on 20 August 2015. Retrieved 20 August 2015.
  23. "Report: Hack of Adultery Site Ashley Madison Exposed Military Emails". Military.com. 31 October 2017. Archived from the original on 20 August 2015. Retrieved 20 August 2015.
  24. Ewing, Philip (20 August 2015). "Pentagon investigating whether troops used cheating website". Politico . Archived from the original on 20 August 2015. Retrieved 21 August 2015.
  25. Krebs, Brian (21 August 2015). "Extortionists Target Ashley Madison Users". Krebs on security. Archived from the original on 22 August 2015. Retrieved 22 August 2015.
  26. "Extortion begins for Ashley Madison hack victims". The Hill . 21 August 2015. Archived from the original on 23 August 2015. Retrieved 24 August 2015.
  27. "Ashley Madison users now facing extortion". FOX2now.com. 21 August 2015. Archived from the original on 22 August 2015. Retrieved 24 August 2015.
  28. 1 2 "Ashley Madison spam starts, as leak linked to first suicide". theregister.co.uk. Archived from the original on 11 March 2017. Retrieved 24 August 2017.
  29. "The Ashley Madison files – are people really this stupid?". theregister.co.uk. Archived from the original on 22 March 2017. Retrieved 24 August 2017.
  30. "In the wake of Ashley Madison, towards a journalism ethics of using hacked documents". Online Journalism Blog. 20 July 2015. Archived from the original on 18 August 2015. Retrieved 20 August 2015.
  31. "Ashley Madison hack: The ethics of naming users - Fortune". Fortune . Archived from the original on 20 August 2015. Retrieved 20 August 2015.
  32. "Jon Ronson And Public Shaming". onthemedia. Archived from the original on 4 March 2016. Retrieved 20 August 2015.
  33. "Ashley Madison hack: The depressing rise of the 'moral' hacker". Telegraph.co.uk. 20 August 2015. Archived from the original on 15 September 2017. Retrieved 4 April 2018.
  34. "As our own privacy becomes easier to invade, are we losing our taste for celebrity sleaze?". newstatesman.com. 5 August 2015. Archived from the original on 21 August 2015. Retrieved 20 August 2015.
  35. 1 2 Gregoire, Carolyn (20 August 2015). "Ashley Madison Hack Could Have A Devastating Psychological Fallout". HuffPost . Archived from the original on 23 November 2015. Retrieved 24 August 2015.
  36. "The Ashley Madison hack - further thoughts on its aftermath". Graham Cluley. 28 July 2015. Archived from the original on 18 September 2016. Retrieved 24 August 2015.
  37. Farhad Manjoo (6 September 2015). "Hacking victims deserve empathy, not ridicule". Sydney Morning Herald. Archived from the original on 7 September 2015. Retrieved 6 September 2015.
  38. Charles J. Orlando (23 July 2015). "I Was Hacked on Ashley Madison – But It's You Who Should Be Ashamed". Yahoo! Style. Archived from the original on 21 March 2017. Retrieved 8 October 2015 via Your Tango.
  39. "Ashley Madison hack: 2 unconfirmed suicides linked to breach, Toronto police say". CBC. 24 August 2015. Archived from the original on 24 August 2015. Retrieved 24 August 2015.
  40. "Suicide and Ashley Madison". Graham Cluley. 24 August 2015. Archived from the original on 24 September 2015. Retrieved 24 August 2015.
  41. Beltran, Jacob (25 August 2015). "Widow addresses suicide of SAPD captain linked to Ashley Madison site". San Antonio Express News. Archived from the original on 17 March 2021. Retrieved 27 August 2015.
  42. Laurie Segall (8 September 2015). "Pastor outed on Ashley Madison commits suicide". CNN Business . Archived from the original on 14 May 2020. Retrieved 2 August 2020.
  43. "Ashley Madison faces huge class-action lawsuit". BBC News . 23 August 2015. Archived from the original on 4 December 2020. Retrieved 24 August 2015.
  44. "Ashley Madison parent in $11.2 million settlement over data breach". CNBC. 15 July 2017. Archived from the original on 15 July 2017. Retrieved 15 July 2017.
  45. "Ashley Madison Review". Datingscout.com. Archived from the original on 25 November 2020. Retrieved 5 January 2020.
  46. Newitz, Annalee (27 August 2015). "The Fembots of Ashley Madison". Gizmodo . Archived from the original on 27 August 2015. Retrieved 28 August 2015.
  47. 1 2 Reed, Brad (27 August 2015). "The most hilarious revelation about the Ashley Madison hack yet". Yahoo! Tech . Archived from the original on 28 August 2015. Retrieved 28 August 2015.
  48. Gallagher, Paul (27 August 2015). "Ashley Madison hack: Just three in every 10,000 female accounts on infidelity website are real". The Independent . Archived from the original on 28 November 2018. Retrieved 24 August 2017.
  49. Newitz, Annalee (31 August 2015). "Ashley Madison Code Shows More Women, and More Bots". Gizmodo . Archived from the original on 19 October 2017. Retrieved 19 December 2015.
  50. Dean Pierce. "Sophisticated Security". pxdojo.net. Archived from the original on 28 August 2015. Retrieved 29 August 2015.
  51. Zack Whittaker. "This is the worst password from the Ashley Madison hack". ZDNet. Archived from the original on 28 August 2015. Retrieved 29 August 2015.
  52. Include Security (19 August 2015). "Include Security Blog - As the ROT13 turns....: A light-weight forensic analysis of the AshleyMadison Hack". includesecurity.com. Archived from the original on 22 August 2015. Retrieved 20 August 2015.
  53. Goodin, Dan (10 September 2015). "Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked". Ars Technica . Archived from the original on 10 September 2015. Retrieved 10 September 2015.
  54. Brownell, Claire (11 September 2015). "Inside Ashley Madison: Calls from crying spouses, fake profiles and the hack that changed everything". Financial Post . Archived from the original on 29 September 2015. Retrieved 18 September 2015.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.