Security and high profile sites get 'pwned'

[digidog]

Adultery website Ashley Madison has been hacked. That may not sound like big news, however the hackers have gained the personal information of some 37 million members (sic) and are threatening to publish users' personal details, including their sexual fantasies, unless the site is shut down. A christian hacking group, perhaps?

http://www.theregister.co.uk/2015/07/20 ... on_hacked/

[digidog]

There's been a sophisticated cyber-attack on a Pentagon email network -- Russia is suspected to be behind it. This was a spear-phishing attack in which someone was tricked into opening a bogus email which went on to infect the entire network. 4,000 accounts were affected and the network was shut down for two weeks.

US officials did not say whether the attack has been linked to individuals or the Russian government but said it was "sophisticated."

One official said: "It was a spear-phishing attack traced to that country (Russia)," Another told NBC News: "It was clearly the work of a state actor."

The hackers used encrypted social media accounts to launch the attack. They also used an automated system that quickly collected huge amounts of data.

No classified information was obtained but the Pentagon decided to shut the email system down.

[Foggyone]

Carphone Warehouse has taken three days to go public about a serious data breach affecting nearly 2.5 million customers – with the confession that up to 90,000 subscribers may have had their credit card info ransacked.


Carphone Warehouse said its websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk had been affected by the attack. Those sites provide services for customers at iD Mobile, TalkTalk Mobile, Talk Mobile and an undisclosed number of Carphone Warehouse customers.

Carphone Warehouse coughs to MONSTER data breach – 2.4 MEELLION Brits at risk

[digidog]

The Ashley Madison hack just got worse for some 37 million users.

A 10-gigabyte file purportedly containing e-mails, member profiles, credit-card transactions and other sensitive Ashley Madison information became available as a BitTorrent download in the past few hours.

The service promised its members complete "anonymity" -- I sense a few lawsuits may be forthcoming.

[digidog]

The Ashley Madison scandal continues to deliver. With some serious researchers analysing the data dumps, the whole basis of the site seems less grounded in extra-marital affairs and more like a very large scale fraud. writing in Gizmodo, Annalee Newitz found interesting data in user IP addresses.

The most popular IP address among men and women belonged to a company called OnX, which hosted Ashley Madison’s backups. That could mean a number of things, including that those were all accounts created by people working at Ashley Madison.

And the second most popular IP address was even more telling.

This IP address, 127.0.0.1, is well-known to anyone who works with computer systems as a loopback interface. To the rest of us, it’s known simply as “home,” your local computer. Any account with that IP address was likely created on a “home” computer at Ashley Madison.

Most damning of all...

Out of 5.5 million female accounts, roughly zero percent had ever shown any kind of activity at all, after the day they were created.

If that isn't fraud, then I'm a banana.

A relevant 2012 lawsuit against Ashley Madison has also come to light. A Brazilian women living in Canada sued the company after she developed severe pain in her wrists and forearms.

She was soon asked to create 1,000 “fake female profiles” meant to lure men to the new Brazilian Ashley Madison site — and given only three weeks to complete the work, the document alleges.

“The purpose of these profiles is to entice paying heterosexual male members to join and spend money on the website,” it reads.

“They do not belong to any genuine members of Ashley Madison — or any real human beings at all.”

No further details are available as AM settled that case out of court. Lawyers have already begun class action suits against Ashley Madison with one Canadian seeking CDN$760m (NZ890,475m) in damages. You can guarantee that there'll be a lot more legal action to follow.

The Register headline sums up the situation perfectly -- Company in shambles, marriages ruined. My work here is done, says Ashley Madison CEO


Related:
Brian Krebs on the trail of the hacker

[digidog]

British telecom company TalkTalk has finally admitted it was the victim of a “significant and sustained” cyber-attack and the theft of credit card and bank details of up to 4 million customers. It's the company's third major hack in 12 months and TalkTalk admit that "stolen customer data may not have been securely encrypted".

"May not have"? Either the data was securely encrypted or it wasn't. The word "may" should not enter into the equation.

[digidog]

Incredibly, Ashley Madison claims to have added 4m new users since the big hack in August. While the risk of having your data exposed may not matter to these people, you'd think the revelation that there are NO REAL WOMEN on the site would be enough to pursuade even the dumbest philanderer to keep his credit card in his pocket.

There is no accounting for stupid people.

[digidog]

Ars concludes that Ashley Madison's 4m new users are most likely bots.

Nothing to see here folks... moving right along.

[Googlybear]

You can get some interesting results by using google image search to reveal were the bots stole the profile image from.

https://www.ashleymadison.com/app/priva ... h.43768261

http://www.viralspell.com/help-a-dude-o ... he-school/


Who would know famous porn star brandi love has apparently living in Auckland?

https://www.ashleymadison.com/app/priva ... h.43768261

http://www.forosperu.net/temas/brandi-l ... lf.774493/


The majority of the images however are just `borrowed` from stock photo sites

https://www.ashleymadison.com/app/priva ... h.43768261

https://www.google.co.nz/search?tbs=sbi ... e&hl=en-NZ