In case you’ve missed some of the biggest security news of the year, we’d like to fill you in. Controversial dating site for married users, Ashley Madison, has had 33 million of its user accounts publicly released this Tuesday.
We were forewarned, however: the brazen hackers originally stole the data over a month ago, threatening to release it unless site owners Avid Life Media agreed to remove both AshleyMadison.com and its sister dating site, Established Men, from the Internet entirely.
The demands were ignored, and it’s now clear that the hackers weren’t bluffing. The 9.7 gigabyte mountain of records was unleashed on the deep web and has already endured extensive scrutiny by journalists, security researchers and the general public alike.
So, what’s in the breach? Alarmingly, a whole lot more than just email addresses and passwords.
Included are actual GPS coordinates of the dating service’s mobile app users, with many accounts including exact location data. Among the other compromised data are credit card transaction details and phone numbers, answers to questions regarding personal preferences, as well as secret questions and answers.
So, while some accounts have been created with false details, location and credit transaction information may still reveal actual identities behind accounts, constituting a serious privacy concern for the site’s users.
There is a little good news, however. Leaked passwords are thankfully in encrypted form, so users with strong passwords may find that theirs remains uncracked. This being said, the safest course of action is to change your password.
Update (24/08/15): We have now fully imported this breach to our database and are currently issuing alerts to affected subscribers.
There were some additional email addresses that were related to credit card payments in the database, but they did not have any password data associated with them, so we have not included them in our import.
As always, BreachAlarm is concerned only with compromises of your passwords.