Earlier today, the full dump of Ashley Madison has finally leaked on an .onion (Tor) website. A more complete analysis will follow in the next days. Also check out the write up on part 2 of the leak.
TL;DR :
- The leaked files seem totally legit
- 33 million accounts and user personal information have leaked
- 36 million email addresses have leaked (you might get some spam…)
- Accounts’ passwords were stored in a secure way and while they won’t be cracked as a whole, someone targeting you might crack your password. Change it.
- The leak contains the names, street addresses, email addresses, phone number and credit card transactions of nearly 33 million accounts ! (and Per Thorsheim has found valid CC info !)
- The dump was made on 11/07/15 (July). If you registered your account after this date, you are mostly safe. If you registered before, your personal information are at risk and I advise you to take measures to protect yourself from identity/credit card theft.
Leak content
The leak contains the following files :
Those compressed files weight ~ 10GB (and about 35GB uncompressed).
README
The readme file contains the following text:
_______ _____ __ __ ______ _ _ _ _____ _ |__ __|_ _| \/ | ____( ) | | | | __ \| | | | | | | \ / | |__ |/ ___ | | | | |__) | | | | | | | |\/| | __| / __| | | | | ___/| | | | _| |_| | | | |____ \__ \ | |__| | | |_| |_| |_____|_| |_|______| |___/ \____/|_| (_)Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.
Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.
Any data not signed with key 6E50 3F39 BA6A EAAD D81D ECFF 2437 3CD5 74AB AA38 is fake.
74ABAA38.txt
This file contains the GPG public key that can be used to check that all the files were created by the author and *not* modified by some third party. They are all legit in this case.
CreditCardTransactions.7z
This archive contains *all* the credit card transactions from the past 7 years! (The first csv file dates back to March 2008). All those csv files contains the names, street address, amount paid and email address of everyone who paid something on AshleyMadison. Those ~2600 files represent more than 9.600.000 transactions !
am_am.dump
Here comes the interesting part. This file contains 32 million user data: first/last names, street address, phone numbers, relationship status, what they are looking for, if they drink, smoke, their security question, date of birth, nickname, etc…
ashleymadisondump.7z
This archive mostly contains administrative documents about AM internals some of them were published a few days after the breach was announced.
aminno_member.dump
I don’t know where does this database dump come from, but it also contains some personal data.
aminno_member_email.dump
About 36 million email addresses. (Gonna make some stats on them in a second time)
member_details.dump
Physical description: eyes color, weight, height, hair color, body type, “ethnicity”, caption…
member_login.dump
This database dump contains more than 30 million usernames + hashed passwords. The passwords are hashed with the bcrypt algorithm and
a huge cost factor of 12, which makes a global attack on the password very unlikely (even for most commons passwords). However, attacking a single (or a couple) of passwords is still possible and you definitely need to change your password.
Tables schema
To give you an idea of what is stored in the database, here are the different tables schema of the database. Fields name are really explicit.
CREATE TABLE `am_am_member` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`createdon` timestamp NULL DEFAULT NULL,
`createdby` int(11) DEFAULT NULL,
`updatedon` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`updatedby` int(11) DEFAULT NULL,
`admin` int(11) DEFAULT NULL,
`status` int(11) DEFAULT NULL,
`account_type` int(11) DEFAULT NULL,
`membership_status` int(11) DEFAULT NULL,
`ad_source` int(11) NOT NULL DEFAULT ‘0’,
`profile_number` int(11) DEFAULT NULL,
`nickname` varchar(16) DEFAULT NULL,
`first_name` varchar(24) DEFAULT NULL,
`last_name` varchar(24) DEFAULT NULL,
`street1` varchar(70) DEFAULT NULL,
`street2` varchar(70) DEFAULT NULL,
`city` varchar(28) DEFAULT NULL,
`zip` varchar(16) DEFAULT NULL,
`state` int(11) DEFAULT NULL,
`latitude` double NOT NULL DEFAULT ‘0’,
`longitude` double NOT NULL DEFAULT ‘0’,
`country` int(11) DEFAULT NULL,
`phone` varchar(24) DEFAULT NULL,
`work_phone` varchar(24) DEFAULT NULL,
`mobile_phone` varchar(24) DEFAULT NULL,
`gender` int(11) DEFAULT NULL,
`dob` date DEFAULT NULL,
`profile_caption` varchar(64) DEFAULT NULL,
`profile_ethnicity` int(11) DEFAULT NULL,
`profile_weight` int(11) DEFAULT NULL,
`profile_height` int(11) DEFAULT NULL,
`profile_bodytype` int(11) DEFAULT NULL,
`profile_smoke` int(11) DEFAULT NULL,
`profile_drink` int(11) DEFAULT NULL,
`profile_initially_seeking` int(11) DEFAULT NULL,
`profile_relationship` int(11) DEFAULT NULL,
`pref_opento` varchar(164) NOT NULL DEFAULT »,
`pref_opento_other` varchar(28) DEFAULT NULL,
`pref_opento_abstract` mediumtext NOT NULL,
`pref_turnsmeon` varchar(164) NOT NULL DEFAULT »,
`pref_turnsmeon_other` varchar(28) DEFAULT NULL,
`pref_turnsmeon_abstract` mediumtext,
`pref_lookingfor` varchar(164) NOT NULL DEFAULT »,
`pref_lookingfor_other` varchar(28) DEFAULT NULL,
`pref_lookingfor_abstract` mediumtext,
`main_photo` int(11) DEFAULT NULL,
`security_question` int(1) NOT NULL DEFAULT ‘0’,
`security_answer` varchar(32) NOT NULL DEFAULT »,
CREATE TABLE `aminno_member` (
`pnum` int(11) NOT NULL DEFAULT ‘0’,
`approved` tinyint(1) NOT NULL DEFAULT ‘0’,
`signupvid` varchar(64) NOT NULL DEFAULT »,
`signupip` varchar(15) NOT NULL DEFAULT »,
`sponsor` int(8) NOT NULL DEFAULT ‘0’,
`nickname` varchar(28) CHARACTER SET utf8 COLLATE utf8_general_mysql500_ci NOT NULL DEFAULT »,
`gender` int(1) NOT NULL DEFAULT ‘0’,
`ishost` tinyint(1) NOT NULL DEFAULT ‘0’,
`flags` int(11) NOT NULL DEFAULT ‘0’,
`fraud_flag` int(11) NOT NULL DEFAULT ‘0’,
`country` int(1) NOT NULL DEFAULT ‘0’,
`state` int(3) NOT NULL DEFAULT ‘0’,
`zip` varchar(16) NOT NULL DEFAULT »,
`latitude` double NOT NULL DEFAULT ‘0’,
`longitude` double NOT NULL DEFAULT ‘0’,
`timezone` int(3) NOT NULL DEFAULT ‘0’,
`city` varchar(28) NOT NULL DEFAULT »,
`adsource` int(2) NOT NULL DEFAULT ‘0’,
`seeking` int(2) NOT NULL DEFAULT ‘0’,
`dob` date NOT NULL DEFAULT ‘0000-00-00’,
`credits` int(5) NOT NULL DEFAULT ‘0’,
`flatrate` timestamp NOT NULL DEFAULT ‘0000-00-00 00:00:00’,
`accept_collect` tinyint(1) NOT NULL DEFAULT ‘1’,
`accept_host_contact` tinyint(1) NOT NULL DEFAULT ‘1’,
`accept_mail_auto_responder` tinyint(1) NOT NULL DEFAULT ‘1’,
`restrict_global` tinyint(1) NOT NULL DEFAULT ‘0’,
`restrict_bc` tinyint(1) NOT NULL DEFAULT ‘0’,
`bc_mail_last_time` timestamp NOT NULL DEFAULT ‘0000-00-00 00:00:00’,
`bc_chat_last_time` timestamp NOT NULL DEFAULT ‘0000-00-00 00:00:00’,
`reply_mail_last_time` timestamp NOT NULL DEFAULT ‘0000-00-00 00:00:00’,
`photos_public` int(1) NOT NULL DEFAULT ‘0’,
`photos_private` int(2) NOT NULL DEFAULT ‘0’,
`keywords` mediumtext NOT NULL,
`set_chat_enabled` int(1) NOT NULL DEFAULT ‘1’,
`set_chat_available` int(1) NOT NULL DEFAULT ‘1’,
`set_show_profile` tinyint(1) NOT NULL DEFAULT ‘1’,
`set_show_online` tinyint(1) NOT NULL DEFAULT ‘1’,
`set_view_rated` tinyint(1) NOT NULL DEFAULT ‘0’,
`mail_auto_responder` int(5) NOT NULL DEFAULT ‘0’,
`mail_auto_responder_msg` varchar(255) DEFAULT NULL,
`security_question` int(1) NOT NULL DEFAULT ‘0’,
`security_answer` varchar(32) NOT NULL DEFAULT »,
`caption` varchar(64) DEFAULT NULL,
`ethnicity` int(11) DEFAULT NULL,
`weight` int(11) DEFAULT NULL,
`height` int(11) DEFAULT NULL,
`bodytype` int(11) DEFAULT NULL,
`smoking` int(11) DEFAULT NULL,
`limits` int(11) DEFAULT NULL,
`opento` varchar(164) NOT NULL DEFAULT »,
`opento_other` varchar(28) DEFAULT NULL,
`opento_abstract` mediumtext NOT NULL,
`turnsmeon` varchar(164) NOT NULL DEFAULT »,
`turnsmeon_other` varchar(28) DEFAULT NULL,
`turnsmeon_abstract` mediumtext NOT NULL,
`lookingfor` varchar(164) NOT NULL DEFAULT »,
`lookingfor_other` varchar(28) DEFAULT NULL,
`lookingfor_abstract` mediumtext NOT NULL,
`eye_color` int(11) NOT NULL DEFAULT ‘0’,
`hair_color` int(11) NOT NULL DEFAULT ‘0’,
`updatedon` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
CREATE TABLE `aminno_member_email` (
`pnum` int(11) NOT NULL DEFAULT ‘0’,
`email` varchar(128) NOT NULL DEFAULT »,
`isvalid` tinyint(1) NOT NULL DEFAULT ‘1’,
`html` tinyint(1) NOT NULL DEFAULT ‘0’,
`optin` int(1) NOT NULL DEFAULT ‘0’,
`notify_newmail` int(1) NOT NULL DEFAULT ‘1’,
`notify_newmember` int(1) NOT NULL DEFAULT ‘1’,
`notify_login` int(1) NOT NULL DEFAULT ‘1’,
`notify_offer` tinyint(1) NOT NULL DEFAULT ‘1’,
CREATE TABLE `member_details` (
`pnum` int(11) unsigned NOT NULL,
`eye_color` int(11) unsigned NOT NULL DEFAULT ‘0’,
`hair_color` int(11) unsigned NOT NULL DEFAULT ‘0’,
`dob` date DEFAULT NULL,
`profile_caption` varchar(64) DEFAULT NULL,
`profile_ethnicity` int(11) unsigned DEFAULT NULL,
`profile_weight` int(11) unsigned DEFAULT NULL,
`profile_height` int(11) unsigned DEFAULT NULL,
`profile_bodytype` int(11) unsigned DEFAULT NULL,
`profile_smoke` int(11) unsigned DEFAULT NULL,
`profile_drink` int(11) unsigned DEFAULT NULL,
`profile_initially_seeking` int(11) unsigned DEFAULT NULL,
CREATE TABLE `member_login` (
`pnum` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(28) CHARACTER SET utf8 COLLATE utf8_general_mysql500_ci NOT NULL DEFAULT »,
`password` varchar(128) NOT NULL DEFAULT »,
`loginkey` varchar(36) NOT NULL DEFAULT »,
`notify` int(4) NOT NULL DEFAULT ‘0’,
50 Comments
give us the onion link please
My big question is: where is(was ?) the file hosted ?
Where did you get it ?
ok so i have the files.
how can i view the records?
@oyoyyoy: No, you can find it yourself easily.
@Carpette: The file was hosted on a tor hidden service, the website is still up and you can still see the original announcement on it.
@Migel: Import them in a database (MySQL/MariaDB) and query the database 🙂
I searched aminno_member_email.dump for an email domain I control, and there are hundreds of clearly bogus entries.
@RR:That’s likely because the user didn’t want to have their real email traced back to them, and instead, created a fake or « bogus » email tied to the account. The email was probably a requirement in order to create the account on AM.
I’m very familiar with T-SQL so I want to pull the dump into SQL 2012. Can someone tell me how to get it into a database?
Is the swappernet data in this dump too or is it elsewhere?
@SQLGuy After you unzip ashleymadisondump.7z you will find swappernet inside.
@Hydraze: how do I view the unzipped .dump files on a mac?
So, that’s the point of posting this without including the .onion link?
You can open them with a plain text editor (however, it won’t like the size of the files). The best solution is to import the data in a MySQL database, but it can take a very long time to do so depending on your hardware (my importing is still running..)
am i the only one who has noticed that am_am.dump is full of « NULL » for most people? try to get the first_name, last_name, and street1 for everyone in your zip code. mine was all ‘NULL’ — I tried a few other zip codes and same. I opened the dump file in a text editor and got the same. kinda weird, no?
Could you please make a tutorial about how to open .dump files in MySQL ?
Thx
I will make a full write up on this leak asap and do a “behind the scene” article with my commands
I wasn’t able to complete the download last night because windows 10 decided to update and reboot. 🙁
This is just a guess since I haven’t seen the files but to the guy who asked about adding it to MySQL my guess is you need to change the file extension to something else. Again, I don’t have the files so it’s just a guess.
So for what I thought would be shits and giggles, I was checking the email of myself and people that I know and my dad’s email came up as being on Ashley Madison. I obviously began freaking out (because my parents have been married for almost 34 years), and have been trying to be able to read the files. I have no experience with torrent files or MySQL and spent all last night trying to figure out how to open the am_am.dump file. I got it downloaded and unzipped, but I can’t figure out MySQL and honestly, don’t have the time (or want to take the time because I’m literally sick to my stomach all the time because of this)…is there a quicker way?
As soon as I can actually get the data and get it into SQL I’ll be able to tell you anything you wanna know about it. I’ve never used Tor before though, I’m getting the data off bit torrent so I can only do that after working hours. I’ll have the first dump by tomorrow am and hopefully the second dump gets on bit Torrent soon. I installed the Tor browser but have no clue how to use it. 🙁
However personally I’m more interested in the swappernetdata
It’s just like a normal browser. I found the link to the .onion on reddit.
Is there any reference for the values contained in the DB fields. As an example row of am_am_member.profile_turnsmeon contains « |7|40|27|23|21|48| ». It would be interesting to be able to map this back to human interpretable profile data.
I’m not a DB expert but I’m very familiar with managing excel and csv files.
Can any recommend the best way to access the files containing real name, address, and transaction data?
Dang it, I searched ReDdit for it last night. I must have missed it,I’ll look again. Thanks.
I think the website that claims to be searching the dump for email addresses is fake. I put the same addresses in have I been pawned and got no but on that AM site they said yes to 2 out of 3. May just be a scammer collecting addresses.
Are they also going to release a log of the paypal transactions?
Checking for my friend who is freaking out haha. Good news is that all his name info is NULL and he used a secondary secret email address. Paid via paypal. Should be safe I think! Didn’t even meet any women, what a scam lol.
Are the addressed tired to the credit card numbers soley from ashely madison users or also from their sister companies as well? Such as established men or cougarlife… Is there a way to confirm yes or no?
For those who wants to know how to open and read the files:
Download the dumps
Rename .dump to.sql
Download and install HeidiSQL
Create new session
Create database « am » (without quotes)
Connect to am
Import .sql file
Be patience
You als have to create a databse called « aminno » .
Check header in SQL file to see which database you need to connect to.
Import files.
My husband’s email was on Ashley Madison, how do I find out the details of his profile?
It is easy to grab it by torrent, with very good seed
So can anyone else confirm what I suspect, that the pnum column of these other tables is like a foreign key to the am_am_member table?
I have recently set up these databases – if daughter09 wants to reveal which email to search for I can help pull the other relevant data…
^it may be that he (the guy who made the ashley.cynic.al website) has only made the original 9.7-GB data dump searchable, rather than the next dump of 20 GB that followed a day later.
when do you thing a searchable database (names, addresses,cc info) will be posted to the regular web?
I’m disappointed, the csv with the swappernet data has not names or addresses or anything useful. Just usernames and password. I’m build an 8 proc server with 128GB of RAM that I’m importing the MySQL databases in to now. 🙂
If I provide an email address that’s on it can someone give me the username/password?
There must be some way to configure MySQL to run better. Mine is only using 3Gb of ram and 1% of CPU while running the import. 🙁
Can someone search an email address for me and give me details?
V- Could you help me with a search as well? My husband’s email address came up in one search, but not another. And the complete file on PB is too large for my system.
To answer everyone at the same time: I won’t give any personal details on people. If you found your husband/father/brother email on one of the websites, just talk to him about it. Most people on AM only registered and were not active on the website.
IDM Ultra Edit text editor easily opened .dump file but it is not in a database table view.
I’ve been looking through these dumps at length because I am on AM and have a number of « friends » that I’ve met on AM. I’ve been looking up all our info on it, with the benefit of knowing how various members joined/paid/did full delete or not, etc.
Here’s what I’ve learned:
0) This data dump does not contain any profile photos, nor any communications between members.
1) If you used Paypal, then your payment transaction is not in the credit card info. I’ve not found the email associated with anyone’s paypal account anywhere in these dumps.
2) The « GPS » coordinates stored in a user’s profile are NOT above the user’s house. They are just the « center » of the zip-code that the user provided for his profile. Not that many AM users provide a different zip code for their profile than the one they use for their credit cards. Most AM users don’t want to come up in a search of their own town, so they use a nearby town as their « profile location » and the GPS coordinates correspondn to that random town they picked.
3) While there are records for new users up until the end of June, the data dump does not include the full profile (their paragraph descriptions, sexual preferences, etc) for users who JOINED after 2/23/2015. So, if you joined recently, your exposure is less.
4) HOWEVER, if you opened your account before 2/23/2015, the full text of your profile is there, including all recent changes you made to it into the beginning of July 2015.
5) One of the files, aminno_member, supposedly contains fields that note the last chat/email received/email sent. But these fields were set to 0 for all the people I correspond with, even though they definitely send out email and do chats. So, I think the validity of these fields (bc_mail_last_time, bc_chat_last_time, reply_mail_last_time) is suspect.
6) If you paid for « full delete » your email might not show up on some of these « check my email » sites that use member_login.dump as a data source — because AM apparently actually DID erase the email from that file. HOWEVER, I am sorry to say that you are probably not okay. The rest of your data (including your email address and full profile) is still within other files in the dump, and can be found.
Yes (vsarvis16, K, and vicious3), if someone wants additional info on an email I will provide it. I will not be able to decrypt password info.
Any idea why my am_am_member table is importing with all null values? The ibd file in C:\ProgramData shows it is about 9 GB, but I show all null values when I query the table. All of the other tables import correctly. I’ve tried importing the table multiple times.
V, how would that work? I’m not going to post the email to this board.
Understandable; nor am I going to post my email here. For anyone that wants to post their own email or the email of their person they want to look up, I can help out.
Keep in mind though, the email you don’t want to post has already been made public because of the dump. Your call and it makes no difference to me. Also some things are maybe better not knowing.
In my case, I found my wife’s email via the search and that’s why I downloaded and searched the full dump. Turns out there’s no way it was her and I am very relieved. I wish the same result to everyone who is in this unfortunate situation.
V,
I created a gmail that is my username repeated once. You can contact me there. It may be dumb to do give out to a bunch of strangers, and I know people say just confront the person, but I don’t live with or near my parents and if a person is the type of person to have an affair, then how am I to trust them if I do ask them straight out? So if you’ll help me, just email me at my username repeated at gmail.
@ V or Female_AM_User,
I was able to locate my ex’s email the other day (confirmed for A.M.) but I have no way of de-cyphering the data dump so I haven’t tried.
I am strictly looking to verify the year(s) he used the Ashley Madison site and the last four digit(s) of the credit card he used. I really don’t care about the other information. We are already divorced but are going through the property settlement of our divorce and he has refused to give me complete copies of the credit card bills so I’m trying to verify if there were any charges for Ashley Madison.
p.s. We live in a no fault state so like I said I really don’t care that he cheated (I KNOW he is a cheater), I just want to make sure I’m not reimbursing him for charges to find another mistress. 😉
You can email me at: *REDACTED: NO EMAIL ADDRESS PLEASE*
I load the dump files. I was finding my parent but don’t found nothing… If somebody need help to find anybody I can help …
V, could you help me out as well? Trying to get this thing to imported but it’s taking forever!
**REDACTED: NO EMAIL ADDRESS PLEASE**