MORE FALL OUT —

2nd dump from Ashley Madison hack twice the size, includes CEO e-mail

"You can admit it's real now," hackers taunt parent company's CEO.


Hackers behind the breach of the Ashley Madison cheater's dating service have released a second, much bigger dump of sensitive materials that may include a massive amount of e-mail from its parent company's CEO Noel Biderman.

The BitTorrent download totals 19GB and includes a 13GB file titled noel.biderman.mail.7z, prompting speculation that it contains e-mail from Biderman, who is CEO of Ashley Madison parent company Avid Life Media. Update: Researchers have now completed the download and found the noel.biderman.mail.7z file can't be unpacked because it is inexplicably corrupted. According to this analysis, the TL;DR of the leak is:
  • The leak contains lots of source code
  • 73 different git repositories are present
  • Ashley Madison used gitlab internally
  • The 13GB compressed file which could contain AM CEO’s emails seems corrupted. Is it a fake one?
  • The leak contains plain text or poorly hashed (md5) db credentials

The new leak comes two days after Avid Life Media officials left open the possibility a previous 10GB download may not have been genuine. As it turned out, the leaked materials were real and showed the hackers had burrowed further into Ashley Madison than almost anyone had imagined.

"Hey Noel, you can admit it's real now," the hackers wrote in a message included in the download. It will take time for the Internet to digest the contents. Still, a preliminary analysis doesn't look good.

"The dump appears to contain all of the [CEO's] business/corporate e-mails, source code for all of their websites, mobile applications, and more," researchers from TrustedSec wrote in a blog post published Thursday. "Note that we do not plan on performing analysis on the actual files due to the sensitivity of the dump however, it does appear to be legitimate like the other dump."

They continued:

Interesting enough—if this turns out to be legitimate which it in all aspects appears to be—having full source code to these websites means that other hacker groups now have the ability to find new flaws in Avid Life’s websites, and further compromise them more.

If there was any question to the validity of the data before – those should be removed now.

It's not immediately clear what to make of the corrupted archive file. Possibilities include a hoax or a computer error. Avid Life Media officials have yet to respond to the new release. This post will be updated if they do.

Post updated to report archived e-mail file can't be opened.
