Avid Life Media runs Ashley
Madison, the internet's #1 cheating site, for people who are married or
in a relationship to have an affair. ALM also runs Established Men, a
prostitution/human trafficking website for rich men to pay for sex, as
well as cougar life, a dating website for cougars, man crunch, a site
for gay dating, swappernet for swingers, and the big and the beautiful,
for overweight dating.
Trevor, ALM's CTO once said "Protection of personal
information" was his biggest "critical success factors" and "I would
hate to see our systems hacked and/or the leak of personal information"
Well Trevor, welcome to your worst fucking nightmare.
We are the Impact Team. We have hacked them completely,
taking over their entire office and production domains and thousands of
systems, and over the past few years have taken all customer
information databases, complete source code repositories, financial
records, documentation, and emails, as we prove here. And it was easy.
For a company whose main promise is secrecy, it's like you didn't even
try, like you thought you had never pissed anyone off.
Avid Life Media has been instructed to take Ashley
Madison and Established Men offline permanently in all forms, or we will
release all customer records, including profiles with all the
customers' secret sexual fantasies and matching credit card
transactions, real names and addresses, and employee documents and
emails. The other websites may stay online.
So far, ALM has not complied.
First, we expose that ALM management is bullshit and has made millions of dollars from complete 100% fraud. Example:
-Ashley Madison advertises "Full Delete" to "remove all traces of your usage for only $19.00"
-It specifically promises "Removal of site usage history and personally identifiable information from the site"
-Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie.
-Users almost always pay with credit card; their
purchase details are not removed as promised, and include real name and
address, which is of course the most important information the users
want removed.
-Other very embarrassing personal information also remains, including sexual fantasies and more
-We have all such records and are releasing them as Ashley Madison remains online.
Avid Life Media will be liable for fraud and extreme
personal and professional harm from millions of their users unless
Ashley Madison and Established Men are permanently placed offline
immediately.
Our one apology is to Mark Steele (Director of
Security). You did everything you could, but nothing you could have done
could have stopped this.
This is your last warning,
Impact Team
We are not opportunistic skids with DDoS or SQLi
scanners or defacements. We are dedicated, focused, skilled, and we're
never going away. If you profit off the pain of others, whatever it
takes, we will completely own you.
For our first release, and to prove we have done all we
claim, we are listing *one* Ashley Madison credit card transaction for
each day for the past 7 years, complete with customer name and address
(oneperday.txt) and associated profile information
(oneperday_am_am_member.txt and oneperday_aminno_member.txt, selected
rows from our complete dump of the AM databases). We are also releasing a
hash dump and zone file for both domains, select documents from your
file servers, executives' google drives, and emails, and the Ashley
Madison source code repository. Also, since Ashley Madison stopped using
plaintext passwords, we're also releasing the swappernet user table,
which still has plaintext passwords.
1 example from this dump: ".........", with
profile ID 23288650, who spitefully paid for Ashley Madison the day
after valentine's day in 2014, lives at ........., MA in
the US, with email ................ He is not only married/attached,
but is open to a list of fantasies from Ashley Madison's list:
|29|44|39|37|7|, a.k.a. "Cuddling & Hugging", "Likes to Go Slow",
"Kissing", and "Conventional Sex". He's looking for 'A woman who seeks
the same things I seek: passion and affection. If you have such desires
then we will get alone just fine','|54|11|9|' which means "Good
Communicator", "Discretion/Secrecy", and "Average Sex Drive". He also
says "I have only two personal interests on this site. Making sure that
You are comfortable with me should I be so fortunate to hold your
attention and making sure I take the role of discretion to an artform. I
mean isn't this why we are here, to be as discreet as possible?" From
the login table, we know his user ID is 'Heavy73' and password hash is
'$2a$12$ndvz/F.EXyJKRYkrErX/w.EDgzF7cNkJcQvNeDGQylEMHRw2COLZO'.
As another, profile ID 48040 is listed as a "paid
delete", which means a few of his profile text boxes are gone, but from
purchase records we know it is "............" from "............" "Mississauga","ON" "L4Z3P8" whose fantasies are
|7|40|17|34|33|37|38|48|36|42|43|50|44|32|39|29|49|18|, which includes
"Likes to Give Oral Sex", "Likes to Receive Oral Sex", "Light Kinky
Fun", "Role Playing", "Erotic Tickling", "Erotic Movies", "Good With
Your Hands", "Sensual Massage", and "Dressing Up/Lingerie" among others.
You must be glad you paid for your profile to be deleted, huh?
Too bad for those men, they're cheating dirtbags and
deserve no such discretion. Too bad for ALM, you promised secrecy but
didn't deliver. We've got the complete set of profiles in our DB dumps,
and we'll release them soon if Ashley Madison stays online.
And with over 37 million members, mostly from the US
and Canada, a significant percentage of the population is about to have a
very bad day, including many rich and powerful people.
Well, Noel? Trevor? Rizwan? What's it going to be?
