Data from hack of Ashley Madison cheater site dumped online [Updated]
Gigabytes worth of data taken during last month’s hack of the Ashley Madison dating website for cheaters has been published online—an act that could be highly embarrassing for the men and women who have used the service over the years.
A 10-gigabyte file containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours. Ars downloaded the massive file and it appeared to contain a trove of details taken from a clandestine dating site, but so far there is nothing definitively linking it to Ashley Madison. User data included e-mail addresses, profile descriptions, addresses provided by users, weight, and height. A separate file containing credit card transaction data didn’t include full payment card numbers or billing addresses.
Rob Graham, CEO of Errata Security, said the dump also included user passwords that were cryptographically protected using the bcrypt hashing algorithm. That’s among the most secure ways to store passwords, because bcrypt is extremely slow, a trait that requires crackers to devote vast amounts of time and computing resources.
Still, it’s highly likely a large percentage of the hashes will be cracked, given rampant use of weak passwords. That will go a long way to preventing the cracking of even moderately weak passwords, although “1234567” “password” and the other mostly widely used passcodes will likely fall after some time.