
Tag Archives: Ashley madison

The unknown-group-that-is-not-Impact-Team has just released a second archive containing data from Ashley Madison on the same webpage as the first one.

TL;DR :

  • The leak contains lots of source code (nearly 3M lines of code according to sloccount)
  • 73 different git repositories are present
  • Ashley Madison used gitlab internally
  • The 13GB compressed file which could contain AM CEO’s emails seems corrupted. Is it a fake one?
  • The leak contains plain text or poorly hashed (md5) db credentials

It has been released with a message referring to AM CEO, Noel Biderman, who stated that the previous leak might be a fake:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Noel, you can admit it's real now

- -Impact Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

Leak content

The archive is 19GB, which is twice the size of the first part of the leak. It contains the following files:

ashleymadison_part2

The leak contains lots of gitlab repositories. Here are the names of the projects and the names of the different repositories:

repositories

sloccount reports nearly 3M lines of code:

Totals grouped by language (dominant language first):
php:        2440587 (81.58%)
objc:        192704 (6.44%)
ruby:        120264 (4.02%)
java:        104725 (3.50%)
cs:           60546 (2.02%)
ansic:        40943 (1.37%)
sh:           12857 (0.43%)
perl:         10349 (0.35%)
python:        5123 (0.17%)
cpp:           2646 (0.09%)
pascal:         848 (0.03%)
sed:            112 (0.00%)
lisp:             6 (0.00%)




Total Physical Source Lines of Code (SLOC)                = 2,991,710

ashleymadison.tgz

Contains all gitlab repositories related to the website.

avid.tgz

avid is the name of the company behind Ashley Madison.

This archive contains 12 gitlab repositories, belonging to the avid user.
The repositories are:

  • alm_billing
  • alm_billing.wiki
  • avid-generator
  • avid-generator.wiki
  • bill
  • bill.wiki
  • billing-builds
  • billing
  • gatekeeper
  • gatekeeper.wiki
  • utilitybelt
  • utilitybelt.wiki

qa.tgz

Contains four gitlab git repositories belonging to a qa user. The four repositories are qa-duck.wiki, qa-duck, qa-automation and am-automation.

More to come as I dig through the data from this archive. This article will be updated over the next few hours (download at 92.2% and progressing slowly. Yay.)
Another (more complete) article will come in a few days with details on both parts of this leak.

Don’t forget to check my quick write up on the first part of this leak : Ashley Madison full dump has finally leaked

Earlier today, the full dump of Ashley Madison finally leaked on an .onion (Tor) website. A more complete analysis will follow in the coming days. Also check out the write-up on part 2 of the leak.

TL;DR :

  • The leaked files seem totally legit
  • 33 million accounts and user personal information have leaked
  • 36 million email addresses have leaked (you might get some spam…)
  • Accounts’ passwords were stored in a secure way and while they won’t be cracked as a whole, someone targeting you might crack your password. Change it.
  • The dump was made on 11/07/15 (July). If you registered your account after this date, you are mostly safe. If you registered before, your personal information is at risk and I advise you to take measures to protect yourself from identity/credit card theft.

Leak content

The leak contains the following files :

am_tree

These compressed files weigh about 10GB (and about 35GB uncompressed).

README

The readme file contains the following text:

  _______ _____ __  __ ______ _       _    _ _____  _ 
 |__   __|_   _|  \/  |  ____( )     | |  | |  __ \| |
    | |    | | | \  / | |__  |/ ___  | |  | | |__) | |
    | |    | | | |\/| |  __|   / __| | |  | |  ___/| |
    | |   _| |_| |  | | |____  \__ \ | |__| | |    |_|
    |_|  |_____|_|  |_|______| |___/  \____/|_|    (_)

Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.

Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.

Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.

Any data not signed with key 6E50 3F39 BA6A EAAD D81D ECFF 2437 3CD5 74AB AA38 is fake.

74ABAA38.txt

This file contains the GPG public key that can be used to check that all the files were created by the author and *not* modified by some third party. They are all legit in this case.

CreditCardTransactions.7z

This archive contains *all* the credit card transactions from the past 7 years! (The first csv file dates back to March 2008.) All those csv files contain the names, street addresses, amounts paid and email addresses of everyone who paid something on AshleyMadison. Those ~2600 files represent more than 9.600.000 transactions!

am_am.dump

Here comes the interesting part. This file contains data on 32 million users: first/last names, street address, phone numbers, relationship status, what they are looking for, whether they drink or smoke, their security question, date of birth, nickname, etc.

ashleymadisondump.7z

This archive mostly contains administrative documents about AM internals; some of them were published a few days after the breach was announced.

aminno_member.dump

I don’t know where this database dump comes from, but it also contains some personal data.

aminno_member_email.dump

About 36 million email addresses. (I will compute some statistics on them later.)

member_details.dump

Physical description: eye color, weight, height, hair color, body type, “ethnicity”, caption…

member_login.dump

This database dump contains more than 30 million usernames + hashed passwords. The passwords are hashed with the bcrypt algorithm and a huge cost factor of 12, which makes a global attack on the passwords very unlikely (even for the most common passwords). However, attacking a single password (or a couple of them) is still possible and you definitely need to change your password.
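The gap between the bcrypt cost-12 member passwords and the plain-text or MD5 database credentials can be checked mechanically on any credential store. The Python below is an added example, not code from the leak or from this write-up; the sample rows, their labels and the 10,000-guess figure are constructed assumptions.

```python
import re

# bcrypt modular-crypt layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

def classify(stored):
    """Return (scheme, cost) for a stored credential string."""
    m = BCRYPT_RE.match(stored)
    if m and 4 <= int(m.group(1)) <= 31:   # bcrypt only defines costs 4..31
        return ("bcrypt", int(m.group(1)))
    if MD5_RE.match(stored):
        return ("md5", None)
    return ("plaintext-or-unknown", None)

def audit(rows, min_cost=12):
    """List every credential stored weaker than bcrypt at min_cost."""
    findings = []
    for name, stored in rows:
        scheme, cost = classify(stored)
        if scheme != "bcrypt":
            findings.append((name, scheme))
        elif cost < min_cost:
            findings.append((name, f"bcrypt cost {cost} < {min_cost}"))
    return findings

def hash_evaluations(accounts, guesses_per_account, cost):
    """Key-setup iterations needed to test guesses against salted bcrypt.

    Each guess costs 2**cost iterations, and the per-account salt means
    no work is shared between accounts, so the total scales with both.
    """
    return accounts * guesses_per_account * 2 ** cost

# Constructed sample values; none of these are real hashes or credentials.
SAMPLE = [
    ("member_login row", "$2a$12$" + "A" * 22 + "B" * 31),
    ("legacy row", "$2a$08$" + "C" * 22 + "D" * 31),
    ("db credential (md5)", "a" * 32),
    ("db credential (plain)", "s3cret-placeholder"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    single = hash_evaluations(1, 10_000, 12)
    whole_table = hash_evaluations(30_000_000, 10_000, 12)
    print(whole_table // single)  # whole-table work relative to one account
```
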

Tables schema

To give you an idea of what is stored in the database, here are the schemas of the different tables. The field names are self-explanatory.

CREATE TABLE `am_am_member` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`createdon` timestamp NULL DEFAULT NULL,
`createdby` int(11) DEFAULT NULL,
`updatedon` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`updatedby` int(11) DEFAULT NULL,
`admin` int(11) DEFAULT NULL,
`status` int(11) DEFAULT NULL,
`account_type` int(11) DEFAULT NULL,
`membership_status` int(11) DEFAULT NULL,
`ad_source` int(11) NOT NULL DEFAULT '0',
`profile_number` int(11) DEFAULT NULL,
`nickname` varchar(16) DEFAULT NULL,
`first_name` varchar(24) DEFAULT NULL,
`last_name` varchar(24) DEFAULT NULL,
`street1` varchar(70) DEFAULT NULL,
`street2` varchar(70) DEFAULT NULL,
`city` varchar(28) DEFAULT NULL,
`zip` varchar(16) DEFAULT NULL,
`state` int(11) DEFAULT NULL,
`latitude` double NOT NULL DEFAULT '0',
`longitude` double NOT NULL DEFAULT '0',
`country` int(11) DEFAULT NULL,
`phone` varchar(24) DEFAULT NULL,
`work_phone` varchar(24) DEFAULT NULL,
`mobile_phone` varchar(24) DEFAULT NULL,
`gender` int(11) DEFAULT NULL,
`dob` date DEFAULT NULL,
`profile_caption` varchar(64) DEFAULT NULL,
`profile_ethnicity` int(11) DEFAULT NULL,
`profile_weight` int(11) DEFAULT NULL,
`profile_height` int(11) DEFAULT NULL,
`profile_bodytype` int(11) DEFAULT NULL,
`profile_smoke` int(11) DEFAULT NULL,
`profile_drink` int(11) DEFAULT NULL,
`profile_initially_seeking` int(11) DEFAULT NULL,
`profile_relationship` int(11) DEFAULT NULL,
`pref_opento` varchar(164) NOT NULL DEFAULT '',
`pref_opento_other` varchar(28) DEFAULT NULL,
`pref_opento_abstract` mediumtext NOT NULL,
`pref_turnsmeon` varchar(164) NOT NULL DEFAULT '',
`pref_turnsmeon_other` varchar(28) DEFAULT NULL,
`pref_turnsmeon_abstract` mediumtext,
`pref_lookingfor` varchar(164) NOT NULL DEFAULT '',
`pref_lookingfor_other` varchar(28) DEFAULT NULL,
`pref_lookingfor_abstract` mediumtext,
`main_photo` int(11) DEFAULT NULL,
`security_question` int(1) NOT NULL DEFAULT '0',
`security_answer` varchar(32) NOT NULL DEFAULT '',

CREATE TABLE `aminno_member` (
`pnum` int(11) NOT NULL DEFAULT '0',
`approved` tinyint(1) NOT NULL DEFAULT '0',
`signupvid` varchar(64) NOT NULL DEFAULT '',
`signupip` varchar(15) NOT NULL DEFAULT '',
`sponsor` int(8) NOT NULL DEFAULT '0',
`nickname` varchar(28) CHARACTER SET utf8 COLLATE utf8_general_mysql500_ci NOT NULL DEFAULT '',
`gender` int(1) NOT NULL DEFAULT '0',
`ishost` tinyint(1) NOT NULL DEFAULT '0',
`flags` int(11) NOT NULL DEFAULT '0',
`fraud_flag` int(11) NOT NULL DEFAULT '0',
`country` int(1) NOT NULL DEFAULT '0',
`state` int(3) NOT NULL DEFAULT '0',
`zip` varchar(16) NOT NULL DEFAULT '',
`latitude` double NOT NULL DEFAULT '0',
`longitude` double NOT NULL DEFAULT '0',
`timezone` int(3) NOT NULL DEFAULT '0',
`city` varchar(28) NOT NULL DEFAULT '',
`adsource` int(2) NOT NULL DEFAULT '0',
`seeking` int(2) NOT NULL DEFAULT '0',
`dob` date NOT NULL DEFAULT '0000-00-00',
`credits` int(5) NOT NULL DEFAULT '0',
`flatrate` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
`accept_collect` tinyint(1) NOT NULL DEFAULT '1',
`accept_host_contact` tinyint(1) NOT NULL DEFAULT '1',
`accept_mail_auto_responder` tinyint(1) NOT NULL DEFAULT '1',
`restrict_global` tinyint(1) NOT NULL DEFAULT '0',
`restrict_bc` tinyint(1) NOT NULL DEFAULT '0',
`bc_mail_last_time` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
`bc_chat_last_time` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
`reply_mail_last_time` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
`photos_public` int(1) NOT NULL DEFAULT '0',
`photos_private` int(2) NOT NULL DEFAULT '0',
`keywords` mediumtext NOT NULL,
`set_chat_enabled` int(1) NOT NULL DEFAULT '1',
`set_chat_available` int(1) NOT NULL DEFAULT '1',
`set_show_profile` tinyint(1) NOT NULL DEFAULT '1',
`set_show_online` tinyint(1) NOT NULL DEFAULT '1',
`set_view_rated` tinyint(1) NOT NULL DEFAULT '0',
`mail_auto_responder` int(5) NOT NULL DEFAULT '0',
`mail_auto_responder_msg` varchar(255) DEFAULT NULL,
`security_question` int(1) NOT NULL DEFAULT '0',
`security_answer` varchar(32) NOT NULL DEFAULT '',
`caption` varchar(64) DEFAULT NULL,
`ethnicity` int(11) DEFAULT NULL,
`weight` int(11) DEFAULT NULL,
`height` int(11) DEFAULT NULL,
`bodytype` int(11) DEFAULT NULL,
`smoking` int(11) DEFAULT NULL,
`limits` int(11) DEFAULT NULL,
`opento` varchar(164) NOT NULL DEFAULT '',
`opento_other` varchar(28) DEFAULT NULL,
`opento_abstract` mediumtext NOT NULL,
`turnsmeon` varchar(164) NOT NULL DEFAULT '',
`turnsmeon_other` varchar(28) DEFAULT NULL,
`turnsmeon_abstract` mediumtext NOT NULL,
`lookingfor` varchar(164) NOT NULL DEFAULT '',
`lookingfor_other` varchar(28) DEFAULT NULL,
`lookingfor_abstract` mediumtext NOT NULL,
`eye_color` int(11) NOT NULL DEFAULT '0',
`hair_color` int(11) NOT NULL DEFAULT '0',
`updatedon` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,

CREATE TABLE `aminno_member_email` (
`pnum` int(11) NOT NULL DEFAULT '0',
`email` varchar(128) NOT NULL DEFAULT '',
`isvalid` tinyint(1) NOT NULL DEFAULT '1',
`html` tinyint(1) NOT NULL DEFAULT '0',
`optin` int(1) NOT NULL DEFAULT '0',
`notify_newmail` int(1) NOT NULL DEFAULT '1',
`notify_newmember` int(1) NOT NULL DEFAULT '1',
`notify_login` int(1) NOT NULL DEFAULT '1',
`notify_offer` tinyint(1) NOT NULL DEFAULT '1',

CREATE TABLE `member_details` (
`pnum` int(11) unsigned NOT NULL,
`eye_color` int(11) unsigned NOT NULL DEFAULT '0',
`hair_color` int(11) unsigned NOT NULL DEFAULT '0',
`dob` date DEFAULT NULL,
`profile_caption` varchar(64) DEFAULT NULL,
`profile_ethnicity` int(11) unsigned DEFAULT NULL,
`profile_weight` int(11) unsigned DEFAULT NULL,
`profile_height` int(11) unsigned DEFAULT NULL,
`profile_bodytype` int(11) unsigned DEFAULT NULL,
`profile_smoke` int(11) unsigned DEFAULT NULL,
`profile_drink` int(11) unsigned DEFAULT NULL,
`profile_initially_seeking` int(11) unsigned DEFAULT NULL,

CREATE TABLE `member_login` (
`pnum` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(28) CHARACTER SET utf8 COLLATE utf8_general_mysql500_ci NOT NULL DEFAULT '',
`password` varchar(128) NOT NULL DEFAULT '',
`loginkey` varchar(36) NOT NULL DEFAULT '',
`notify` int(4) NOT NULL DEFAULT '0',