AshleyMadison Hack Bites MI State Police

[Lowell]

At least 17 signups using @mi.gov email addresses have surfaced as accounts in the recently hacked infidelity site ashleymadison[dot]com including two State Police officers according to DeadlineDetroit.

Why anyone would use a work email address to sign up for anything let alone a hookup service that encourages cheating on partners boggles the mind. Particularly when it is a snap to create a free gmail, yahoo or other free account.

"Whatever you do on the internet is forever," I have long advised and this hack promises to unfold with continual celebrity outings, extortions and and even national security compromises. Regarding the latter, over 15,000 .mil accounts [.mil is used by US armed forces] have been exposed according to KrebsOnSecurity.com making those parties vulnerable to extortion for secrets.

Krebs is also reporting that extortions have already begun. Some are sophisticated 'spear-phishing' attacks where the target is sent an blackmail threat with an attachment containing the 'full details'. Opening the attachment is loading ransom-ware on the target's computer, locking down all data, that can only be recovered by paying a ransom in bitcoin.

I have been following this hack since it surfaced a month ago when the hactivist group 'Impact Team' announced it had the full information of 37 million A/M accounts including addresses, pictures, sexual preferences, transactions and more.

At the time Impact team demanded the A/M shut down completely or they would release the data on the Dark net and other dumping points. In particular they were furious at A/M's sleezy near-extortion practice of charging members $20 to close and erase their accounts, a promise not kept as the data remained behind as Impact Team discovered.

When A/M failed to do so after 30 days Impact Team dumped the data earlier this week and the hornet's nest is open.

A couple of points.

1-A/M did not validate email addresses for accounts. For instance when someone signs up for DetroitYES, a validation email is sent to the email address supplied with an activation link. This is to prove that the email address used is actually a real address. Therefore it is possible for someone to use another person's email address for A/M, but the accompanying information along with the items added to one's profile would probably show who is who.

2-A good place to check to see if your email address and its password has been breached in any of the internet's mega hacks, is Have I Been Pwned?

What a world.

[mtburb]

Looked up my email on the site linked in point two and the only one I was involved in was what that site claims was the largest hack ever, involving Adobe in October 2013.

[Jimaz]

More so than most, this story has been both hilarious and tragic at the same time. I'm wondering what the aftermath will be.

I can't find it now but there was a recent story, probably in the Free Press, that listed the kinds of government officials/employees that had been caught up in this mess. It was pretty staggering. There were a lot of I.T. people too. You'd think they'd know better how not to get caught. LOL!

[Jimaz]

Looked up my email on the site linked in point two and the only one I was involved in was what that site claims was the largest hack ever, involving Adobe in October 2013.

Mine came back with "Good news — no pwnage found! No breached accounts and no pastes."

Now I feel like I live a disappointingly dull life.

[Towne Cluber]

As awful as something such as Ashley Madison is...these hackers should put their skills towards something more useful [[i.e. shutting down terrorists, child porn, etc. sites).

[DetroiterOnTheWestCoast]

As awful as something such as Ashley Madison is...these hackers should put their skills towards something more useful [[i.e. shutting down terrorists, child porn, etc. sites).

I totally agree. We have enough Morality Police in this country.

[313WX]

Why anyone would use a work email address to sign up for anything let alone a hookup service that encourages cheating on partners boggles the mind. Particularly when it is a snap to create a free gmail, yahoo or other free account.

Because some people are just stupid.

[Lowell]

Looked up my email on the site linked in point two and the only one I was involved in was what that site claims was the largest hack ever, involving Adobe in October 2013.

Me too. Changed that password when it happened.

I encourage everybody to use a unique password for every account created. This can be done easily by using a password manager program. A lot of people make the mistake of using the same password for everything. Even if it is a strong password, it will open all your doors once hacked.

[BankruptcyGuy]

What I found funny was something that I heard--Ashley Madison was selling the permanent removal of any incriminating evidence from their records for $19 or something. I guess the hackers determined that was complete bull, and that's when the threats [[shut it down or else) started.

[3WC]

Jimaz: Ditto.

[Wesley Mouch]

What I found funny was something that I heard--Ashley Madison was selling the permanent removal of any incriminating evidence from their records for $19 or something. I guess the hackers determined that was complete bull, and that's when the threats [[shut it down or else) started.

While I think our legal system is among the best in the world, it has weaknesses. Cost of engaging. Prosecutors with agendas. Politicization.

That said, I think 'anonymous' [[was it?) found that their charging for 'permanent removal' was unjust. I agree. Their whole service is predicated on the idea that their service provides you the ability to cheat without being caught. So selling privacy is rather greedy of them. They already got their money.

I dislike vigilante justice. We see so much here on the forum. But at least in this case, I am on the side of justice. Feels so good.

[Lowell]

As I wrote above "In particular they were furious at A/M's sleezy [Avid Media the parent parent company] near-extortion practice of charging members $20 to close and erase their accounts, a promise not kept as the data remained behind as Impact Team discovered."

I agree with the dislike for the vigilantism and self-righteousness of Impact Team. It's a bit like old west bible-thumpers burning down the whorehouse and killing all the customers with it.

If they could have done a data dump that exposed just enough that the customers knew it was them but no one else could figure out it was them, I could get behind it.

This now will do doubt likely cause thousands of broken families, relationships, lost jobs and even suicides.

[401don]

A lot of people getting bit on the butt by this, not just those who made such a request.

[Dan Wesson]

I agree with the dislike for the vigilantism and self-righteousness of Impact Team. It's a bit like old west bible-thumpers burning down the whorehouse and killing all the customers with it.

If they could have done a data dump that exposed just enough that the customers knew it was them but no one else could figure out it was them, I could get behind it.

This now will do doubt likely cause thousands of broken families, relationships, lost jobs and even suicides.

"This now will do doubt likely cause thousands of broken families, relationships, lost jobs and even suicides.

It's part of the human condition these things already exist.

Yes you can bet there was an agenda not unlike the anti-abortionists using cloak and dagger tactics. Altruistic motives like not erasing info for the money is secondary, you can bet somebody was burned by AM previously.

Social media has made a lot of things easier, some of it like this hack of AM has consequences. Not unlike the consequences of adultery has always had.

Nothing new under the sun...

[BankruptcyGuy]

As I wrote above "In particular they were furious at A/M's sleezy [Avid Media the parent parent company] near-extortion practice of charging members $20 to close and erase their accounts, a promise not kept as the data remained behind as Impact Team discovered."

Clearly there is a disconnect between my eyes and brain somewhere. I read through your comment and completely missed that. Anyway, I tend to agree with your comment. Lots of damage here, helping no one.

[1953]

I've surprised myself with my own reaction to all of this: who cares if someone was cheating, or using their email address to do it? We all have desires, so no one should be surprised when an elected official or respected member of society has them, too.

1953

[G-DDT]

I've surprised myself with my own reaction to all of this: who cares if someone was cheating, or using their email address to do it? We all have desires, so no one should be surprised when an elected official or respected member of society has them, too.

1953

It only rankles me when said elected official used "family values" as a large premise for their own platform or image. Especially, when they played exposure and comparison games with their contenders or those in opposing political parties. Worse still, is when they go to great and bloody lengths to cover up such affairs. All that can make them out to be big hypocrites real quick.

[313WX]

I've surprised myself with my own reaction to all of this: who cares if someone was cheating, or using their email address to do it? We all have desires, so no one should be surprised when an elected official or respected member of society has them, too.

1953

If for no other reason, it's just plain theft, robbery and misuse of resources if they're doing it with their employer's time and money. In this case, the employer is taxpayers like you and I, and I'm certainly not paying these folks to jack off on porn sites or commit infidelities while on the job.

[DetroitBoy]

I've surprised myself with my own reaction to all of this: who cares if someone was cheating, or using their email address to do it? We all have desires, so no one should be surprised when an elected official or respected member of society has them, too.

1953

I agree. All this interest is ridiculous. You'd think people would have something better to be concerned about.

[Whitehouse]

What surprised me was that 90% of the accounts were male members. Not a lot of fish in the pond...

And why people are so infatuated by someone cheating on their partner, I don't have a clue. All those puritans who think they are holier than others, get a life!

[Wesley Mouch]

...This now will do doubt likely cause thousands of broken families, relationships, lost jobs and even suicides.

Lowell, its not sensible to say that A/M 'caused' the problem. They were one of many tools. The cause was infidelity.

[emu steve]

Couple of thoughts:

1). ONLY two state police e-mail accounts were found? TWO of anything out of thousands isn't bad. I assume there are always 1 or 2% whatevers in any group, profession, etc. For example, 1% of all [[fill in a profession, e.g., state troopers, politicians, teachers, pilots, doctors, etc.) were found to [[fill in the blank with something nefarious).

2). Yes, the stupidity of using a government [[or corporate) issued e-mail account. That invites disciplinary action. I assume most enterprises have what might be called "Rules of Behavior" which indicates inappropriate usage of the enterprises' IT resources.

[Wesley Mouch]

Couple of thoughts:

1). ONLY two state police e-mail accounts were found? TWO of anything out of thousands isn't bad. I assume there are always 1 or 2% whatevers in any group, profession, etc. For example, 1% of all [[fill in a profession, e.g., state troopers, politicians, teachers, pilots, doctors, etc.) were found to [[fill in the blank with something nefarious).

2). Yes, the stupidity of using a government [[or corporate) issued e-mail account. That invites disciplinary action. I assume most enterprises have what might be called "Rules of Behavior" which indicates inappropriate usage of the enterprises' IT resources.

In any organization, there are usually a few idiots. Good organizations constantlhy work to make sure the oddballs get filtered out. Bad organizations fester. Like the LIRR where 95% or so of employees became disabled on retirement to collect extra benefits.

Also consider that two employees used official emails. It could be possible that they were used in the conduct of their business. How might you investigate A/M if you don't register to at least understand the system, or see if you can find someone you might want to find. I should think they'd use fake accounts -- but who knows. Maybe there are rules.

[wolverine]

Looked up my email on the site linked in point two and the only one I was involved in was what that site claims was the largest hack ever, involving Adobe in October 2013.

I remember that, though if you changed your password you're fine.

[Scottathew]

Seriously, who uses their WORK email for this kind of thing. If I were to use their services, I would create a special email account just for the site.

I think the site is disgusting and that the people that use it are too. However, I don't think the information should have been leaked out, but I'm not about to lose any sleep over it.

The biggest shame goes to the site operators that didn't secure their user's data.