You’ve read that Ashley Madison user data supposedly has been posted online, and you’re:
a) a cheater who’s freaking out;
b) a suspicious spouse itching for a fight; or
c) a divorce lawyer daydreaming about that yacht you’ve always wanted.
But just how easy is it for regular folks to find this stuff?
Pretty easy, if you know what you’re doing. Some experienced users say they have found the data, and they’re circulating easy-to-use search tools.
Hackers reportedly said they posted on the Web personal data of millions of people registered on Ashley Madison, a website that targets people looking to have extramarital affairs. The reports said the hackers claim to have posted 9.7 gigabytes of files that include sensitive data including credit card transactions, email addresses and more.
Many online security experts say they’ve seen the data and that it appears real.
We at Blue Sky Innovation found what appears to be the hacked information within minutes, with the help of a tech-savvy colleague who found it on a pirating site known for illicit file sharing. The file package we saw included filenames such as “ashleymadisondump,” “member_details,” and “CreditCardTransactions.”
We didn’t download it, partly because it was so huge and partly because it might have been illegal.
“It certainly could be a crime to receive or possess stolen property,” said Joseph Fitzpatrick, spokesman for the U.S. Attorney’s office in Chicago. “Once you download or distribute hacked information without specific permission or a fair use license, you’ve exposed yourself to potential criminal liability under the Computer Fraud and Abuse Act. An individual who retweets or forwards a link to a website containing hacked information could potentially be viewed as an accessory to the hack after the fact.”
Many people won’t get that far.
“Even if you could download it, most people don’t have a computer big enough to open the file,” said Cameron Banga, co-founder of 9magnets, a Valparaiso, Ind.-based mobile app developer.
But people with both bigger computers and better tech chops told Blue Sky they’re already working with the data, and search tools specific to the Ashley Madison hack are already circulating. One allows people to see if the hacked files include a particular email address.
Seth Kravitz ?, co-founder of Chicago-based startup booster Technori, said he quickly found a site that listed more than 6,400 government emails that supposedly are part of the Ashley Madison data dump.
“It will just take a short time before there will be plenty of ways to search for names,” Kravitz said in an email response to a question.
Soundslice co-founder Adrian Holovaty agreed.
“I would completely expect somebody to make a search tool for non-tech-savvy people to use,” he said. “It’s only a matter of time.”
Email: jccarpenter@tribpub.com * Twitter: @ScoopCarp
