The Ashley Madison hack is proving to be a very expensive one. Well, Ashley Madison is an online cheating website that allows married couples to have affairs “discreetly”. The website’s slogan is “Life is short, have an affair” was hacked exposing its 37 million users. The hack exposed user’s “financial records (bank account data & salary information, the company’s user databases and other proprietary information like Avid Life Media’s (the website’s owner) properties, maps of the company’s servers and employee network information”.
The company initially denied the extent of the hack but hacker group The Impact Team retaliated with 3 data dumps which included user email addresses, internal company emails and even user’s names, credit card information and messages sent through the service. Users have gone on to file a class action suit against the service for $700 Million accusing it of breach of user privacy. There have also been reports of suicides attributed to the information leaks. The leak saw websites crop up that allow users to search if they were affected by the breach. These sites are also subject to a suit in addition to Amazon and Go Daddy, which host the websites.
There seems to be a new problem. A group of crackers have discovered flaws in the code that make more than 15 million of the Ashley Madison account passwords orders of magnitude faster to crack. OOPS! Prior to the hack, Ashley Madison the website prided itself in offering in offering utmost encryption for its users. The website used cryptographically protected using bycrpt algorithm, an algorithm slow and demanding that cracking passwords for the 36 million hacked accounts would have taken ages. But not so much. The crackers have so far managed to decipher more than 11 million of the passwords in the past 10 days. The crackers referred to as CynoSure Prime found the flaws in the code after reviewing thousands of lines of code. Well, looks like life just got a whole lot harder for the cheats.
Source: Arstechnica