Skip navigation

The unknown-group-that-is-not-Impact-Team has just released a second archive containing data from Ashley Madison on the same webpage as the first one.

TL;DR :

  • The leak contains lots of source code (nearly 3M lines of code according to sloccount)
  • 73 different git repositories are present
  • Ashley Madison used gitlab internally
  • The 13GB compressed file which could contain AM CEO’s emails seems corrupted. Is it a fake one?
  • The leak contains plain text or poorly hashed (md5) db credentials

It has been released with a message referring to AM CEO, Noel Biderman, who stated that the previous leak might be a fake:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Noel, you can admit it's real now

- -Impact Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJV1VRfAAoJECQ3PNV0q6o4rKMP/0+1JUAg3fTN5iL7kqfoAKj/
YM5Ed5ZzUtsIdwZOmm9zuxyFSTVIwslf8tMyYBnSCGMpT7zXwckkcyJmGR7yu6tj
f+CiBcwZOfVfGWsxV69PrfvBbmHoIovuBv2n6fVhRWkzgpotRyK1WNHTDBWKkrKP
LKtXp+9xp/8d1f8wPMTU7HDiRNPaG1PErFtr4T7E/OiSPXNiaFRAWMm6kDDazVeD
fTNoCaJchz4GEz5DXlePS+cX3CoNms8w+1OFKdxjux7WsVqquNY6yjcm9tP1ybvT
nvzJYLz0dYwxJ/THgHARr+zJjZsFNKeL1Ts1F7j4TXl41YWr0N+H/Ohm7WtTMb2I
4trpNrag/7vOn89YPNbhPH4MKTepkbRtlHucorrh6YMbULKpkf970DmG8HqzVNEj
nyA/KTgWL2hSfUvLdcBvG27dD7HWR/k81uBCd6uie3L2JO8wFVIuATwGUFAWWX5y
NvcQgF/xgvvBrxTs4nNWs5TguNychtQTc1duUi0QrAE2DZkBWpSxG3HE5rLhQUDn
7ImbbHnNU9+PgwV+LxRCAPoUMDJc85/QG0+UMW2MJC2iGOKcPQD4BpmTNOfvJlU+
RB98fH+VWVfBT+/KdfqoDI3liiR6BAX9aCIQMhVpJnA7owMh+/HOLEeh/AbQnp59
ft1FwTGBCJB/eXxYf/1P
=5omL
-----END PGP SIGNATURE-----

Leak content

The archive is 19GB, which is the double of the first part of the leak. It contains the following files:

ashleymadison_part2

The leak contains lots of gitlab repositories. Here are the name of the projects and the name of the different repositories:

repositories

Sloccount announces nearly 3M lines of code :

Totals grouped by language (dominant language first):
php:        2440587 (81.58%)
objc:        192704 (6.44%)
ruby:        120264 (4.02%)
java:        104725 (3.50%)
cs:           60546 (2.02%)
ansic:        40943 (1.37%)
sh:           12857 (0.43%)
perl:         10349 (0.35%)
python:        5123 (0.17%)
cpp:           2646 (0.09%)
pascal:         848 (0.03%)
sed:            112 (0.00%)
lisp:             6 (0.00%)




Total Physical Source Lines of Code (SLOC)                = 2,991,710

ashleymadison.tgz

Contains all gitlab repositories related to the website.

avid.tgz

avid is the name of the company behind Ashley Madison.

This archive contains 12 gitlab repositories, belonging to the avid user.
The repositories are:

  • alm_billing
  • alm_billing.wiki
  • avid-generator
  • avid-generator.wiki
  • bill
  • bill.wiki
  • billing-builds
  • billing
  • gatekeeper
  • gatekeeper.wiki
  • utilitybelt
  • utilitybelt.wiki

qa.tgz

Contains four gitlab git repositories belonging to a qa user. The four repositories are qa-duck.wiki, qa-duck, qa-automation and am-automation.

More to come as I scrap through the data from this archive. This article will be updated during the next hours (dl @92.2%. And slowly downloading. Yay.)
Another (more complete) article will come in a few days with details on both parts of this leak.

Don’t forget to check my quick write up on the first part of this leak : Ashley Madison full dump has finally leaked

One Comment

  1. It amazes me that the media attention has been so widespread. The OPM breach got a few minutes of « air-time », while this has seen much more. I guess biometric data of government employees isn’t as sexy ¬_¬


Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

What is 10 + 13 ?
Please leave these two fields as-is: