Skip navigation

Earlier today, the full dump of Ashley Madison has finally leaked on an .onion (Tor) website. A more complete analysis will follow in the next days. Also check out the write up on part 2 of the leak.

TL;DR :

  • The leaked files seem totally legit
  • 33 million accounts and user personal information have leaked
  • 36 million email addresses have leaked (you might get some spam…)
  • Accounts’ passwords were stored in a secure way and while they won’t be cracked as a whole, someone targeting you might crack your password. Change it.
  • The dump was made on 11/07/15 (July). If you registered your account after this date, you are mostly safe. If you registered before, your personal information are at risk and I advise you to take measures to protect yourself from identity/credit card theft.

 

Leak content

The leak contains the following files :

am_tree

Those compressed files weight ~ 10GB (and about 35GB uncompressed).

README

The readme file contains the following text:

  _______ _____ __  __ ______ _       _    _ _____  _ 
 |__   __|_   _|  \/  |  ____( )     | |  | |  __ \| |
    | |    | | | \  / | |__  |/ ___  | |  | | |__) | |
    | |    | | | |\/| |  __|   / __| | |  | |  ___/| |
    | |   _| |_| |  | | |____  \__ \ | |__| | |    |_|
    |_|  |_____|_|  |_|______| |___/  \____/|_|    (_)

Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.

Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.

Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.

Any data not signed with key 6E50 3F39 BA6A EAAD D81D ECFF 2437 3CD5 74AB AA38 is fake.

74ABAA38.txt

This file contains the GPG public key that can be used to check that all the files were created by the author and *not* modified by some third party. They are all legit in this case.

CreditCardTransactions.7z

This archive contains *all* the credit card transactions from the past 7 years! (The first csv file dates back to March 2008). All those csv files contains the names, street address, amount paid and email address of everyone who paid something on AshleyMadison. Those ~2600 files represent more than 9.600.000 transactions !

am_am.dump

Here comes the interesting part. This file contains 32 million user data: first/last names, street address, phone numbers, relationship status, what they are looking for, if they drink, smoke, their security question, date of birth, nickname, etc…

ashleymadisondump.7z

This archive mostly contains administrative documents about AM internals some of them were published a few days after the breach was announced.

aminno_member.dump

I don’t know where does this database dump come from, but it also contains some personal data.

aminno_member_email.dump

About 36 million email addresses. (Gonna make some stats on them in a second time)

member_details.dump

Physical description: eyes color, weight, height, hair color, body type, “ethnicity”, caption…

member_login.dump

This database dump contains more than 30 million usernames + hashed passwords. The passwords are hashed with the bcrypt algorithm and
a huge cost factor of 12, which makes a global attack on the password very unlikely (even for most commons passwords). However, attacking a single (or a couple) of passwords is still possible and you definitely need to change your password.

Tables schema

To give you an idea of what is stored in the database, here are the different tables schema of the database. Fields name are really explicit.

CREATE TABLE `am_am_member` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`createdon` timestamp NULL DEFAULT NULL,
`createdby` int(11) DEFAULT NULL,
`updatedon` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`updatedby` int(11) DEFAULT NULL,
`admin` int(11) DEFAULT NULL,
`status` int(11) DEFAULT NULL,
`account_type` int(11) DEFAULT NULL,
`membership_status` int(11) DEFAULT NULL,
`ad_source` int(11) NOT NULL DEFAULT ‘0’,
`profile_number` int(11) DEFAULT NULL,
`nickname` varchar(16) DEFAULT NULL,
`first_name` varchar(24) DEFAULT NULL,
`last_name` varchar(24) DEFAULT NULL,
`street1` varchar(70) DEFAULT NULL,
`street2` varchar(70) DEFAULT NULL,
`city` varchar(28) DEFAULT NULL,
`zip` varchar(16) DEFAULT NULL,
`state` int(11) DEFAULT NULL,
`latitude` double NOT NULL DEFAULT ‘0’,
`longitude` double NOT NULL DEFAULT ‘0’,
`country` int(11) DEFAULT NULL,
`phone` varchar(24) DEFAULT NULL,
`work_phone` varchar(24) DEFAULT NULL,
`mobile_phone` varchar(24) DEFAULT NULL,
`gender` int(11) DEFAULT NULL,
`dob` date DEFAULT NULL,
`profile_caption` varchar(64) DEFAULT NULL,
`profile_ethnicity` int(11) DEFAULT NULL,
`profile_weight` int(11) DEFAULT NULL,
`profile_height` int(11) DEFAULT NULL,
`profile_bodytype` int(11) DEFAULT NULL,
`profile_smoke` int(11) DEFAULT NULL,
`profile_drink` int(11) DEFAULT NULL,
`profile_initially_seeking` int(11) DEFAULT NULL,
`profile_relationship` int(11) DEFAULT NULL,
`pref_opento` varchar(164) NOT NULL DEFAULT  »,
`pref_opento_other` varchar(28) DEFAULT NULL,
`pref_opento_abstract` mediumtext NOT NULL,
`pref_turnsmeon` varchar(164) NOT NULL DEFAULT  »,
`pref_turnsmeon_other` varchar(28) DEFAULT NULL,
`pref_turnsmeon_abstract` mediumtext,
`pref_lookingfor` varchar(164) NOT NULL DEFAULT  »,
`pref_lookingfor_other` varchar(28) DEFAULT NULL,
`pref_lookingfor_abstract` mediumtext,
`main_photo` int(11) DEFAULT NULL,
`security_question` int(1) NOT NULL DEFAULT ‘0’,
`security_answer` varchar(32) NOT NULL DEFAULT  »,

CREATE TABLE `aminno_member` (
`pnum` int(11) NOT NULL DEFAULT ‘0’,
`approved` tinyint(1) NOT NULL DEFAULT ‘0’,
`signupvid` varchar(64) NOT NULL DEFAULT  »,
`signupip` varchar(15) NOT NULL DEFAULT  »,
`sponsor` int(8) NOT NULL DEFAULT ‘0’,
`nickname` varchar(28) CHARACTER SET utf8 COLLATE utf8_general_mysql500_ci NOT NULL DEFAULT  »,
`gender` int(1) NOT NULL DEFAULT ‘0’,
`ishost` tinyint(1) NOT NULL DEFAULT ‘0’,
`flags` int(11) NOT NULL DEFAULT ‘0’,
`fraud_flag` int(11) NOT NULL DEFAULT ‘0’,
`country` int(1) NOT NULL DEFAULT ‘0’,
`state` int(3) NOT NULL DEFAULT ‘0’,
`zip` varchar(16) NOT NULL DEFAULT  »,
`latitude` double NOT NULL DEFAULT ‘0’,
`longitude` double NOT NULL DEFAULT ‘0’,
`timezone` int(3) NOT NULL DEFAULT ‘0’,
`city` varchar(28) NOT NULL DEFAULT  »,
`adsource` int(2) NOT NULL DEFAULT ‘0’,
`seeking` int(2) NOT NULL DEFAULT ‘0’,
`dob` date NOT NULL DEFAULT ‘0000-00-00’,
`credits` int(5) NOT NULL DEFAULT ‘0’,
`flatrate` timestamp NOT NULL DEFAULT ‘0000-00-00 00:00:00’,
`accept_collect` tinyint(1) NOT NULL DEFAULT ‘1’,
`accept_host_contact` tinyint(1) NOT NULL DEFAULT ‘1’,
`accept_mail_auto_responder` tinyint(1) NOT NULL DEFAULT ‘1’,
`restrict_global` tinyint(1) NOT NULL DEFAULT ‘0’,
`restrict_bc` tinyint(1) NOT NULL DEFAULT ‘0’,
`bc_mail_last_time` timestamp NOT NULL DEFAULT ‘0000-00-00 00:00:00’,
`bc_chat_last_time` timestamp NOT NULL DEFAULT ‘0000-00-00 00:00:00’,
`reply_mail_last_time` timestamp NOT NULL DEFAULT ‘0000-00-00 00:00:00’,
`photos_public` int(1) NOT NULL DEFAULT ‘0’,
`photos_private` int(2) NOT NULL DEFAULT ‘0’,
`keywords` mediumtext NOT NULL,
`set_chat_enabled` int(1) NOT NULL DEFAULT ‘1’,
`set_chat_available` int(1) NOT NULL DEFAULT ‘1’,
`set_show_profile` tinyint(1) NOT NULL DEFAULT ‘1’,
`set_show_online` tinyint(1) NOT NULL DEFAULT ‘1’,
`set_view_rated` tinyint(1) NOT NULL DEFAULT ‘0’,
`mail_auto_responder` int(5) NOT NULL DEFAULT ‘0’,
`mail_auto_responder_msg` varchar(255) DEFAULT NULL,
`security_question` int(1) NOT NULL DEFAULT ‘0’,
`security_answer` varchar(32) NOT NULL DEFAULT  »,
`caption` varchar(64) DEFAULT NULL,
`ethnicity` int(11) DEFAULT NULL,
`weight` int(11) DEFAULT NULL,
`height` int(11) DEFAULT NULL,
`bodytype` int(11) DEFAULT NULL,
`smoking` int(11) DEFAULT NULL,
`limits` int(11) DEFAULT NULL,
`opento` varchar(164) NOT NULL DEFAULT  »,
`opento_other` varchar(28) DEFAULT NULL,
`opento_abstract` mediumtext NOT NULL,
`turnsmeon` varchar(164) NOT NULL DEFAULT  »,
`turnsmeon_other` varchar(28) DEFAULT NULL,
`turnsmeon_abstract` mediumtext NOT NULL,
`lookingfor` varchar(164) NOT NULL DEFAULT  »,
`lookingfor_other` varchar(28) DEFAULT NULL,
`lookingfor_abstract` mediumtext NOT NULL,
`eye_color` int(11) NOT NULL DEFAULT ‘0’,
`hair_color` int(11) NOT NULL DEFAULT ‘0’,
`updatedon` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,

CREATE TABLE `aminno_member_email` (
`pnum` int(11) NOT NULL DEFAULT ‘0’,
`email` varchar(128) NOT NULL DEFAULT  »,
`isvalid` tinyint(1) NOT NULL DEFAULT ‘1’,
`html` tinyint(1) NOT NULL DEFAULT ‘0’,
`optin` int(1) NOT NULL DEFAULT ‘0’,
`notify_newmail` int(1) NOT NULL DEFAULT ‘1’,
`notify_newmember` int(1) NOT NULL DEFAULT ‘1’,
`notify_login` int(1) NOT NULL DEFAULT ‘1’,
`notify_offer` tinyint(1) NOT NULL DEFAULT ‘1’,

CREATE TABLE `member_details` (
`pnum` int(11) unsigned NOT NULL,
`eye_color` int(11) unsigned NOT NULL DEFAULT ‘0’,
`hair_color` int(11) unsigned NOT NULL DEFAULT ‘0’,
`dob` date DEFAULT NULL,
`profile_caption` varchar(64) DEFAULT NULL,
`profile_ethnicity` int(11) unsigned DEFAULT NULL,
`profile_weight` int(11) unsigned DEFAULT NULL,
`profile_height` int(11) unsigned DEFAULT NULL,
`profile_bodytype` int(11) unsigned DEFAULT NULL,
`profile_smoke` int(11) unsigned DEFAULT NULL,
`profile_drink` int(11) unsigned DEFAULT NULL,
`profile_initially_seeking` int(11) unsigned DEFAULT NULL,

CREATE TABLE `member_login` (
`pnum` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(28) CHARACTER SET utf8 COLLATE utf8_general_mysql500_ci NOT NULL DEFAULT  »,
`password` varchar(128) NOT NULL DEFAULT  »,
`loginkey` varchar(36) NOT NULL DEFAULT  »,
`notify` int(4) NOT NULL DEFAULT ‘0’,




20 Comments

    • Anne
    • Posted 25 août 2015 at 7 h 12 min
    • Permalink

    Hi V,
    I would like your help as well. I have a yahoo acct **REDACTED: NO EMAIL ADDRESS PLEASE**.
    Thank you…

    • Anne
    • Posted 25 août 2015 at 7 h 13 min
    • Permalink

    V,
    Sorry… **REDACTED: NO EMAIL ADDRESS PLEASE**…

    • holy
    • Posted 25 août 2015 at 17 h 39 min
    • Permalink

    9 Gb of

    (NULL) (NULL) (NULL) (NULL) (NULL)

    Pf!

    • nope
    • Posted 25 août 2015 at 20 h 23 min
    • Permalink

    i’m seeing a trend here, so i’ll just ask the question.

    we’re all a little >twitch< upset. to put it mildly.

    DOES ANYONE HAVE THE DATA DOWNLOADED WHO WILL LOOK UP AN ASSHOLE FOR ME?

    • looking4help
    • Posted 26 août 2015 at 2 h 45 min
    • Permalink

    V, Could you contact me at **REDACTED: NO EMAIL ADDRESS PLEASE** I have an email I would like to have someone look up in the database. I have bits and pieces of info from other sites..but looking for a full report.

    Thanks

    • Darth Sucka
    • Posted 26 août 2015 at 6 h 31 min
    • Permalink

    The people who released this data, no regard for the people it’s affected, it’s despicable.

    Some of the people in this database live in countries where adultery is illegal, these people could be jailed or killed.

    Most of the users never had an affair, would probably back out if they actually managed to set one up, it’s a fantasy, it’s porn, it’s just exciting to think about it. Let he who has never looked at porn on the internet cast the first stone.

    And now people are committing suicide. Fathers and husbands, whose only crime was to seek a little thrill in talking to women who were also wanting a thrill, their lives ruined. Their children shamed, wives humiliated, employers unforgiving.

    People who think the customers in this DB are morally repugnant: this is only the beginning and you’ll come to regret your gleeful self-righteous holier-than-thou schadenfreude. All the porn you’ve ever looked at, all the nasty comments you’ve ever left on blogs, all the messages you’ve ever sent on dating sites, all your IM chat logs, all your emails – all out there for everyone to see. It’s only a matter of time.

    So word to the wise – mind your business, don’t encourage the hackers.

    • VeryAngry
    • Posted 26 août 2015 at 20 h 14 min
    • Permalink

    I would like to the details from my husband’s account. You can contact me at an email I just set up for the purpose of communication regarding AM.

    **REDACTED: NO EMAIL ADDRESS PLEASE**

    • Anon
    • Posted 26 août 2015 at 20 h 31 min
    • Permalink

    Hey Darth Sucka —

    Nice sympathizing with the scum! I got all of the data and have been having a blast in my brief time with it. Super interesting just to read through. But I absolutely do not feel bad about it. Will I bulk-release data? Of course not. Won’t stop me from sharing interesting finds with the relevant people of course.

    • Curious????????
    • Posted 26 août 2015 at 21 h 50 min
    • Permalink

    I would like to get information about this site and if my fiance’ has used it as well! I would appreciate any help on getting any details etc. please and thank you!

    • Alexandria
    • Posted 27 août 2015 at 0 h 21 min
    • Permalink

    Hi, can you help me? I’m looking for the information of one specific user on the list. A search database told me that the email address is contained in the list. I need to find out what other information is available for that user. Your help would be extremely appreciated. Thank you.

    • need hekp olease
    • Posted 27 août 2015 at 1 h 19 min
    • Permalink

    need to find info of email that I found of spouse. Please can someone tell me where to find cc info and dates…email has been verified.

    • SuckmydickDarthSucka
    • Posted 27 août 2015 at 14 h 55 min
    • Permalink

    Hey empathatic asshole I bet you are one those cocsuckers who registered on that site and now shit hit the fan you are preaching morality which nobody gives a fuck. So keep your fake morality and faggot preaching to yorself. that site got nothing to do with porn in ther first place but about making real life relationships solely based on cheating, so get your fucking facts straight before defending it blindly. And all of those who registered on the site took a calculated risk considering almost no one is safe on the internet today. They can suck it now, so can you. Hasta la vista, motherfucker.

    • v
    • Posted 28 août 2015 at 3 h 21 min
    • Permalink

    Hi all, a couple of things…

    It seems your emails get redacted when you try to post them. If you can get around this, I might be able to reach out to you for further discussion.

    Daughter09, I think I emailed you directly, let me know if I did not get it right or you don’t receive it. Sorry I haven’t been back to check this site in the last few days.

    Darth Sucka, it’s terrible. There is no way around it. There are plenty of users (most it seems) who are guilty of nothing more than even signing up and now many of them have their lives and livelihoods threatened. I will not/would not release any information about someone who is in a country with such criminalization of and extreme punishment for these activities. It is also terribly sad that some people are so overcome with guilt that they have ended their own lives or could become unsafe in other ways. These are true stories. But they are their stories and their decisions and I will not feel guilty for their choice of how they respond to their own guilt and shame. I will still feel sorry for them, but it does not make me second guess what I am doing by helping people discover more of the truth about their loved ones. I do encourage the hackers. Truth and transparency are needed in our society. I have looked at porn and done other things I am not proud of. It’s out there somewhere and maybe one day the hackers will out me about something and I will have to own up to it. I should probably own up to it anyway. Maybe I can say this because I feel it’s not « that bad » by comparison, but the truth is that if everyone were truthful, no secrets and no lying, we would all be better off. A sudden outing of everyones skeletons would be very disruptive and very painful but ultimately a good thing. The pain and suffering would be temporary, a few generations perhaps, and as a society we would adjust and grow to be much better people than we are now. The hacktivists have the right idea. No execution is perfect and it’s terrible what is happening to some of these people who could be jailed or killed as a result. I wish it weren’t the case and clearly there needed to be more thought put in to this release. Hacktivism needs to mature perhaps, but the concept I support in general. Information should be free.

    • AlexanderSupertramp
    • Posted 28 août 2015 at 5 h 28 min
    • Permalink

    I have the entire database loaded and ported to mssql24. It’s kind of a crappy database architecture.

    • SQLGuy
    • Posted 28 août 2015 at 21 h 29 min
    • Permalink

    I’ve been pretty busy this week but as it turns out MYSQL doesn’t like running on hyperv for some reason. I dug out an old laptop that has 32GB or RAM and 2 SSD’s and loaded up the two MySQL databases. From there I converted the into a single MS SQL2012 and I’m now importing all the csv files into a table in my MS SQL database. I don’t think this is a full dump of everything. I think it’s a full dump of the email addresses but the number of rows between the various tables differ and the am database table is an exact round number of rows. I think it interesting to see the count of email address that are like ‘%ashleymadison’ which seems to prove what the hacker claims that AM had fake female accounts fleecing men for money.

    • SQLGuy
    • Posted 31 août 2015 at 18 h 54 min
    • Permalink

    I’d like to know where the media is getting the number of actual female members who were active on the site. My queries return 1.42 million without filtering for « IsValid=1 » if I add that I still get 850k females.

    select
    mem.nickname,
    mem.ethnicity,
    mem.city,
    mem.zip,
    mem.dob,
    mem.bc_mail_last_time,
    mem.bc_chat_last_time,
    mem.reply_mail_last_time,
    mem.updatedon,
    eml.*,
    dts.*,
    lgn.username

    from aminno_member_email eml
    LEFT JOIN aminno_member mem on eml.pnum = mem.pnum
    LEFT JOIN member_details dts on eml.pnum = dts.pnum
    LEFT JOIN member_login lgn on eml.pnum = lgn.pnum

    where mem.gender = ‘1’ and eml.email not like ‘%@ashleymadison.com’ and isvalid = ‘1’

    • Kelly
    • Posted 5 septembre 2015 at 12 h 21 min
    • Permalink

    Hello,
    About member_login.dump
    You mention « 30 million usernames + hashed passwords » I can only find 1.5m (1,584,656)in that file, including the gremlins.
    the last one being [edited]
    1584656,’wil[xxxx]51′,’$2a$12$MswKeaShMKSmTzko[xxxxxxxxxxxxxxxxx]CHt3Yq8RjQYvAQN9Occq’

    Am I missing something obvious? is there a second hash file?
    Thanks.

    • anonferret
    • Posted 5 septembre 2015 at 22 h 23 min
    • Permalink

    Judging from the shcema, it seems like aminna_member is an upgraded version of am_am. You can see that they have added many new features (or were plannign to) like an approval process, chat, private and public profile pictures, fraud flagging, and mail auto-responders.

    • anonferret
    • Posted 5 septembre 2015 at 22 h 31 min
    • Permalink

    You can also zcat each dump to less and see that am_am.dump comes from a database called am, and the aminno_*.dumps come from a database named ammino. the am database only had one table, am_am. In the ammino database, they’ve created seperate tables for member, member_email, member_details, and member_login. I would guess this redesign would allow for more efficient queries.

  1. my calculations with elementary knowledge:

    google calc says that 1,42 million is 0,51% from 36 million. numbers taken from above text agreeing with basic internet rule that email address is synonim for personality. one person, one email. so not 5%, but ten times less are the women in this site wich is money-motivated fraud to customers. and no, it does not matter where data comes from, in fact the disaster is made by deceipting humans and speculating with their genetically based need to be, to live together, to communicate together. in any desired way. that is important – the birth right of free will and free choice, in other words the divine right of identity. and it does not matter that somebody showed part of the truth in not so well accepted way. in my culture there is a ancient speaking about such type of relations:

    it is not the mad who eats the cake, but who gives the cake to him.

    in the original its not cake but other meal, but the message is clear. personally i join the ultimate position: truth makes us free.


Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

What is 6 + 5 ?
Please leave these two fields as-is: