Petronella Blog Archive

Visit our New Blog

Behind the Ashley Madison Hack

Blog Post

By now, you've probably heard about the hack of the Ashley Madison website, a site devoted to helping people conduct affairs.  But do you know who was behind it or why they did it?

The hackers, a group calling themselves the Impact Team, hit several websites owned by Avid Life Media.  Ashley Madison is one of them, but they also run Established Men and Cougar Life.  The Impact Team released gigabytes of data that included the names, addresses and credit card numbers of Ashley Madison customers.  This outed, with very little room for denial, tens of millions of adulterers, including troubled reality TV star Josh Duggar and one prominent YouTube preacher.  There have allegedly been suicides and no telling how many relationships ended or put in jeopardy.

So who is the Impact Team and why did they do it?

There was, reportedly, no particular software vulnerability that the Impact Team took advantage of for something like an SQL injection attack.  The Impact Team themselves had this to say: “We worked hard to make fully undetectable attack, then got in and found nothing to bypass….Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers.”  The Impact Team has also said they've been in Avid Life Media's servers for years and that they were pervasive, having taken over pretty much every aspect of the company from customer information databases to office emails.  

There is evidence to back up their claims.  The data released by the Impact Team comes form a number of servers from which they appear to have worked on extensively.  The compressed files in which the Impact Team publicly distributed their pirated information were prepared about a month ago too, so this wasn't some spontaneous hit.

And why did they do it?

Many hacking efforts purport noble ideals for why they do what they do, whether that's just to make them feel better about themselves, win some PR or whatever else is always up for debate.  In this case, the Impact Team said they were upset at the behavior the websites promoted.  Ashley Madison is a website to help people cheat on their significant others and Exceptional Men is for connecting young women with sugar daddies.  In the latter case, the Impact Team decry it as prostitution and human trafficking.

Another issue they had an issue with was a privacy concern.  The Impact Team called Avid Life Media's security and privacy measures as laughable.  Moreover, Ashley Madison has a feature that removes all traces of customer data... for a price.  It costs $19 to remove all your data and Ashley Madison made over $1.7 million in 2014 just off of that feature.  The problem is that the information was still stored on backend servers.

What do you think: Was the Impact Team right or wrong to expose the data of Ashley Madison users?