Daily Mail reports that on Aug. 20, 2015, the Impact Team hackers released a second, even bigger, 20GB cache of files exposing the 37 millions subscribers of the adultery website Ashley Madison (AM), according to Vice.
The Pentagon and the FBI may investigate the data leak, fearing that government AM subscribers may be blackmailed.
The new documents were dumped with a taunting message to the adultery website’s founder, millionaire CEO Noel Biderman: “Hey Noel, you can admit it’s real now.”
The Associated Press traced many of the accounts exposed by hackers back to federal workers and reviewed their credit-card transactions to identify them. Up to 15,000 names among the raw data are listed from email addresses with the domain names .mil or .gov — the official addresses of U.S government and military employees, including:
- At least two assistant U.S. attorneys.
- An information technology administrator in the Executive Office of the President.
- A division chief, an investigator and a trial attorney in the Department of Justice. Some DOJ employees appeared to use pre-paid credit cards to help preserve their anonymity but connected to the service from their office computers.
- A government hacker and another employee who indicated he worked on a counter-terrorism response team at the Department of Homeland Security.
- Workers in other Obama administration agencies, including the departments of State, Defense, Energy, Treasury, and Transportation.
- Workers in the House and Senate.
- Louisiana GOP Executive Director Jason Doré, who claimed he used the site for “opposition research,” but did not reveal on whose behalf he had accessed the site. Doré told NOLA.com that an account with his name and credit card information was used by his law firm, Doré Jeansonne. He said, “As the state’s leading opposition research firm, our law office routinely searches public records, online databases and websites of all types to provide clients with comprehensive reports. Our utilization of this site was for standard opposition research. Unfortunately, it ended up being a waste of money and time.”
Defense Secretary Ash Carter confirmed the Pentagon was looking into the list of people who used military email addresses. Adultery can be a criminal offense under the Uniform Code of Military Justice.
Many federal customers appeared to use non-government email addresses with handles such as ‘sexlessmarriage’, ‘soontobesingle’ or ‘latinlovers’.
In May, the Washington Post reported that D.C. had the highest rate of membership on Ashley Madison for the third year running and Capitol Hill was the neighborhood with the highest number of new recruits.
But according to the graphic below, São Paulo, Brazil, leads the world’s cities in the number of AM subscribers:
Here are some other Ashley Madison subscribers from big institutions in addition to U.S. government workers:
- Sony, Boeing and the United Nations are among those institutions whose domain names appear in the long lists of alleged users.
- Staff of big banks also make regular appearances. Marketwatch counted up bank domain names to reveal 175 from Wells Fargo, 76 from Bank of America, 73 from Deutsche Bank, 51 from Citigroup, 45 from Goldman Sachs, 28 from PNC Bank, 15 at U.S. Bancorp, 14 at Bank of New York Mellon, 9 at J.P. Morgan Chase and 4 at Capital One.
- At least 30 subscribers from the University of Texas.
- The French leak monitoring firm CybelAngel said it counted 1,200 email addresses in the data dump with the .sa suffix, suggesting users were connected to Saudi Arabia, where adultery is punishable by death.
So far, the most famous name to be exposed as an AM subscriber is 27-year-old Josh Duggar of the pious Duggar family, whose “19 Kids and Counting” reality TV show recently was canceled by TLC because a police report revealed that when he was 15, Josh had molested 5 girls, including his own sisters. He was never charged with a crime for the incidents as by the time police learned of the offenses the statue of limitations had passed, and his parents did not notify authorities after learning about their son’s actions.
Josh owned not just one, but owned several AM accounts. He indicated he was looking for “conventional sex, experimenting with sex toys, one-night stands, sharing fantasies, sex talk” and more. His profile said he was looking for “naughty girl, aggressive/take charge girl, high sex drive and creative and adventurous.”
According to Gawker, “Someone using a credit card belonging to a Joshua J. Duggar, with a billing address that matches the home in Fayetteville, Arkansas owned by his grandmother Mary – a home that was consistently on their now-cancelled TV show, and in which Anna Duggar gave birth to her first child – paid a total of $986.76 for two different monthly Ashley Madison subscriptions from February of 2013 until May of 2015.” A second Josh Duggar account was created in July 2013 “that was linked to his home in Oxon Hill, Maryland.”
Josh lived at the Maryland residence with his wife and children while working as a family values lobbyist for the Family Research Council in Washington, D.C., which promotes marriage and family values and opposes abortion, divorce and pornography.
Josh posted a public apology, admitting being unfaithful to his wife and living a double life, saying: “I have been the biggest hypocrite ever. While espousing faith and family values, I have secretly over the last several years been viewing pornography on the internet and this became a secret addiction and I became unfaithful to my wife. I am so ashamed of the double life that I have been living and am grieved for the hurt, pain and disgrace my sin has caused my wife and family, and most of all Jesus and all those who profess faith in Him. I brought hurt and a reproach to my family, close friends and the fans of our show with my actions that happened when I was 14-15 years old, and now I have re-broken their trust. The last few years, while publicly stating I was fighting against immorality in our country, I was hiding my own personal failings. As I am learning the hard way, we have the freedom to choose to our actions, but we do not get to choose our consequences. I deeply regret all hurt I have caused so many by being such a bad example. I humbly ask for your forgiveness. Please pray for my precious wife Anna and our family during this time.”
Blah, blah, blah.
Government workers contacted by the AP were similarly contrite.
A DOJ investigator said, “I was doing some things I shouldn’t have been doing.” Asked about the threat of blackmail, the investigator said if prompted he would reveal his actions to his family and employer to prevent it because “I’ve worked too hard all my life to be a victim of blackmail.”
This second cache was also dumped on the dark web, which requires specific software for access, which means the information cannot be accessed by regular search engines. But other non-dark web sites have posted the hacked information. Several searchable databases of names, emails and sexual fantasies linked to the first data leak had to shut down within minutes of going live because they could not cope with demand from suspicious spouses.
Meanwhile, the hackers claim they have naked pictures of thousands of AM members, and sexually explicit chats between members.
One of the documents in the second cache of hacked Ashley Madison data shows the adultery website was aware of the privacy dangers and even discussed a potential security breach. A file called “Areas of concern – customer data.docx” shows that an AM worker had flagged potential hacking hazards.
Expect a torrent of lawsuits against Ashley Madison. Hopefully, Noel Biderman will be bankrupted and go out of business.