Hackers dump SECOND, even bigger batch of Ashley Madison records with taunting message to millionaire founder of 'cheating dirtbag' site
by Dailymail.com Reporter
PUBLISHED: 14:13 EST, 20 August 2015
UPDATED: 09:12 EST, 21 August 2015
• Reports of a second wave of secret documents revealed from the hacked infidelity site
• Hackers 'the Impact Team' posted another huge tranche - amounting to 20GB of files - on the same dark web
• They boasted of the second wave directly to the beleaguered company's CEO multi-millionaire Noel Biderman
• 'Hey Noel, you can admit it's real now', the message read
• The company has refused to admit all the information that has been released came from their site
• First wave included 9.7 gigabytes of raw data including names, addresses, phone numbers and sexual fantasies of registered users
• University of Texas, Sony, Boeing and Bank of America all appear in domain names of alleged users posted online
• Government workers with sensitive White House, law enforcement and congress jobs have admitted using the site after being exposed
• Pentagon and FBI are now investigating the leak amid fears it provides potential for blackmail of government officials
A second, even bigger, cache of files exposing details about the adultery website Ashley Madison has been released.
Hacking group 'the Impact team' at lunchtime on Thursday released another mine of documents and confidential information to back up their first 9.7 gigabyte leak, according to Vice.
The new documents were dumped with a taunting message to the adultery website's founder as exposed users began to publicly admit their involvement.
'Hey Noel, you can admit it's real now,' read the post - presumably directed at the company's millionaire CEO Noel Biderman, who has refused to admit the material is all legitimate. The 20GB is focused on the inner workings of the website rather than individual subscribers but the release will do little to calm the nerves of the cheaters whose personal details have been exposed. Denial: Hackers have released a second wave of Ashley Madison secret documents with a message mocking the cheater website's founder Noel Biderman, pictured centerDouble-down: The second wave of documents have now been revealed and come to almost twice the size of the first leakThe Associated Press traced many of the accounts exposed by hackers back to federal workers.
They included at least two assistant U.S. attorneys; an information technology administrator in the Executive Office of the President; a division chief, an investigator and a trial attorney in the Justice Department; a government hacker at the Homeland Security Department and another DHS employee who indicated he worked on a counter-terrorism response team.
AP traced their government Internet connections — logged by the website over five years — and reviewed their credit-card transactions to identify them. They included workers at more than two dozen Obama administration agencies, including the departments of State, Defense, Justice, Energy, Treasury, Transportation and Homeland Security. Others came from House or Senate computer networks.
Many federal customers appeared to use non-government email addresses with handles such as 'sexlessmarriage', 'soontobesingle' or 'latinlovers'.Some Justice Department employees appeared to use pre-paid credit cards to help preserve their anonymity but connected to the service from their office computers.Defense Secretary Ash Carter confirmed the Pentagon was looking into the list of people who used military email addresses. Adultery can be a criminal offense under the Uniform Code of Military Justice.
Several searchable databases of names, emails and sexual fantasies linked to the first data leak had to shut down within minutes of going live because they could not cope with demand from suspicious spouses.The second appears to include personal information and emails of the CEO with folders entitled Noel Biderman.mail.
Other folders are titled mobile, product and design. 'The dump appears to contain all of the [CEO's] business/corporate e-mails, source code for all of their websites, mobile applications, and more,' researchers from TrustedSec wrote in a blog post published Thursday.
Another document shows the website were aware of the privacy dangers and discussed a potential security breach.
A file called 'Areas of concern – customer data.docx' a worker flagged potential hacking hazards. User? A report claims that Josh Duggar (above with wife Anna and daughter Meredith) had multiple Ashley Madison accountsApology: Josh Duggar made a public apology for living a 'double life' and being unfaithful after being named in the Ashley Madison leakIt comes as lists of email addresses - purporting to show registered users of the adultery site - have been shared across the web and in the controversial forum 4chan - without any evidence or means of validation.
Sony, Boeing and the United Nations are among those institutions whose domain names appear in the long lists of alleged users.
Bank staff also make regular appearances. Marketwatch counted up bank domain names to reveal 175 from Wells Fargo, 76 from Bank of America, 73 from Deutsche Bank, 51 from Citigroup, 45 from Goldman Sachs, 28 from PNC Bank, 15 at U.S. Bancorp, 14 at Bank of New York Mellon, nine at J.P. Morgan Chase and four at Capital One. Dailymail.com has obscured the first names on those lists as it cannot be confirmed whether they appear in the leak's raw data or whether those emails were used by their owners in good faith or stolen by others to set up Ashley Madison accounts.
What the information does show is that the fall-out from the attack by the mysterious hacking group 'the Impact Team', and deemed legitimate by experts and Ashley Madison itself, will be felt for weeks, if not months, to come. The first wave of personal and intimate information of the site's 37 million registered members was dumped in the 'dark web' late on Tuesday.
The dark web requires specific software for access and information it contains cannot be examined by regular search engines.
The first famous name to be embroiled in the scandal emerged yesterday, as Gawker claimed Josh Duggar was the owner of more than one account on the site where adulterers seek strangers for casual sex.
Duggar was allegedly looking for 'conventional sex, experimenting with sex toys, one-night stands, sharing fantasies, sex talk,' and more.
The site reported: 'Someone using a credit card belonging to a Joshua J. Duggar, with a billing address that matches the home in Fayetteville, Arkansas owned by his grandmother Mary - a home that was consistently on their now-cancelled TV show, and in which Anna Duggar gave birth to her first child - paid a total of $986.76 for two different monthly Ashley Madison subscriptions from February of 2013 until May of 2015.'
They also report that a second account was created in July 2013 'that was linked to his home in Oxon Hill, Maryland.'
Josh, 27, lived at this residence with his wife and children while working as a family values lobbyist for the Family Research Council in Washington DC.
Among the type of woman he was allegedly looking for, the profile said; 'naughty girl, aggressive / take charge girl, high sex drive and creative and adventurous.'
The disgraced 19 Kids and Counting star posted a public apology on the claims today.
He didn't admit he was a member of Ashley Madison but admitted being unfaithful to his wife and living a double life.Popular: Information from the hack shows the geographic make-up of the site's membership. According to data analyst dadaviz.com, these are some of the most popular cities for usersRevealed: This is a new world map showing the locations of all the members of Ashley Madison cheaters outed by hackers - but most databases linked to the data have failed to cope with demand
He and his conservative Christian family are outspoken advocates of no sex or physical contact before marriage and have openly spoken out against abortion and divorce. Duggar married his wife Anna in 2008 - sharing their first kiss on the altar.
Between 2013 and 2015 he worked for the Family Research Council which promotes marriage and family values and opposes abortion, divorce and pornography.He was forced to step down in May when a bombshell police report revealed he molested five children as a teen including four of his sisters.
He was never charged with a crime for the incidents as by the time police learned of the offenses the statue of limitations had passed, and his parents did not notify authorities in an official capacity after learning about their son's actions.
As a result TLC cancelled their hugely popular reality show.
'I have been the biggest hypocrite ever. While espousing faith and family values, I have secretly over the last several years been viewing pornography on the internet and this became a secret addiction and I became unfaithful to my wife,' he said.
'I am so ashamed of the double life that I have been living and am grieved for the hurt, pain and disgrace my sin has caused my wife and family, and most of all Jesus and all those who profess faith in Him.
'I brought hurt and a reproach to my family, close friends and the fans of our show with my actions that happened when I was 14-15 years old, and now I have re-broken their trust.
'The last few years, while publicly stating I was fighting against immorality in our country, I was hiding my own personal failings.
'As I am learning the hard way, we have the freedom to choose to our actions, but we do not get to choose our consequences. I deeply regret all hurt I have caused so many by being such a bad example.
'I humbly ask for your forgiveness. Please pray for my precious wife Anna and our family during this time.'Government workers contacted by the AP were similarly contrite.
'I was doing some things I shouldn't have been doing,' a Justice Department investigator said. Asked about the threat of blackmail, the investigator said if prompted he would reveal his actions to his family and employer to prevent it.
'I've worked too hard all my life to be a victim of blackmail. That wouldn't happen,' he said. Louisiana GOP Executive Director Jason Doré was named and claimed he used the site for “opposition research.”
Doré told NOLA.com that an account with his name and credit card information was used by his law firm, Doré Jeansonne.
He did not reveal on whose behalf he had accessed the site.'As the state's leading opposition research firm, our law office routinely searches public records, online databases and websites of all types to provide clients with comprehensive reports,' he said.
'Our utilization of this site was for standard opposition research. Unfortunately, it ended up being a waste of money and time.'Embarrassment: Boeing and Bank of America also appeared in the email addresses of supposed users Corridors of power: A list of apparent United Nations employees were also revealed to be users of the site
In the UK, married Edinburgh MP Michelle Thomson found her email among the leaked names.
She insists it is an out-of-use address that must have been registered in a smear campaign.
WILL ASHLEY MADISON BE SUED BY MEMBERS OUTED AS CHEATERS?
Ashley Madison could be sued by millions of members outed by hackers, lawyers have said.
Data protection specialist Paula Barrett, from Eversheds, believes there may be a rush for 'no-win no fee' cases as firms rush to cash in on the shame.
She told the Financial Times: 'It would not surprise me if people came forward to bring claims against Ashley Madison'.
Those who had accounts set up maliciously by enemies and may also have grounds to sue.
A woman from the St. Louis, Missouri, identified in court papers as 'Jane Doe,' filed a federal lawsuit against Avid Life just days after the breach became public, saying that she had paid the website a $19 fee to permanently delete her information.
The hackers have claimed that the information of people who paid the fee never actually was deleted, citing it as one of their reasons for the attack.
Others say, however, people may not want to go to court because they would be confirm they were on the 'cheat list'.
One web developer who helped publish the data after it was released said: 'To Ashley Madison's development team: You should be embarrassed for your train wreck of a database (and obviously security), not sanitising your phone numbers to your database is completely amateur, it's as if the entire site was made by students.'
The scandal threatens to expose the affairs of members who purportedly walk the highest corridors of power.
Only 2.3 million are considered 'active' users of the site but the hack includes names and details of anyone who has ever registered - even if they didn't use the services to have a full-blown affair or quit their philandering ways years ago.
Up to 15,000 names among the raw data are listed from email addresses with the domain names .mil or .gov - the official addresses of U.S government and military employees.
Ashley Madison admits it doesn't verify email addresses so some are known fakes.Barack Obama and Tony Blair are among the fake names and email addresses that have already been exposed. However, several emails are legitimate.
The case has prompted many experts to remind employees about the dangers of using work addresses for private enterprise.Will Schwalbe, co-author of SEND: Why People Email So Badly and How to Do It Better, told Time that email is 'the single most dangerous piece of equipment in the office'.
'The danger of using work email for personal business is that, if there’s some kind of legal issue that comes up at your workplace involves having to investigate emails, then every single thing you’ve done with your email work address is fair game,' he added.
World maps show the extent of the scandal with the U.S. among the worst affected given the sheer number of users signed up to the controversial date site.
Washington D.C., Houston, New York and Chicago are some of the cities with the largest number of users.
In May, the Washington Post reported that D.C. had the highest rate of membership on the site for the third year running and Capitol Hill was the neighborhood with the highest number of new recruits.
Many have made fun of the hack with memes springing up online showing sweating husbands and jubilant divorce lawyers, but there are also serious implications for the revelations. The French leak monitoring firm CybelAngel said it counted 1,200 email addresses in the data dump with the .sa suffix, suggesting users were connected to Saudi Arabia, where adultery is punishable by death.One wrote online under the title 'I May Get Stoned to Death for Gay Sex and wrote: 'I am from a country where homosexuality carries the death penalty.
'I BEG you all to spread this message. Perhaps the hackers will take notice of it, and then, I can tell them to (at the very least) exercise discretion in their information dump (i.e. leave the single gay arab guy out of it). As of now, I plan on leaving the Kingdom and never returning once I have the $ for a plane ticket. Though I have no place to go, no real friends, and no job.' Warning: Impact Team say Ashley Madison members should not have anonymity because they are 'cheating dirtbags' and deserve no such discretion' as they published the data in fullTongue in cheek: This viral adapts an Ashley Madison advert to reflect the fact that millions of anonymous users are no longer able to keep their membership a secret
Sites giving cheated spouses the opportunity to search the data also come with their own security dangers. People are being warned not to use sites that demand a slew of personal details before offering them access to the database because they may be later blackmailed.
These dangers come on top of the immediate result of potentially ruining thousands of relationships.
One married engineer who joined because he wanted to have sex with women behind his wife's back told DailyMail.com: 'I am terrified my wife will find out'.
The American, who has asked not to be named, said: 'I went through a tough spot in my marriage and I signed up one night out of frustration.Set up: A 9.7 gigabyte data file has today been posted to the dark web claiming to have account details and log-ins and even credit card details of people who use the social networking site to have affairsWizards: Internet users have harnessed the data published yesterday to allow people to search, but they have failed to cope with demand Victim: Married politician Michelle Thomson, pictured with Scottish National Party leader Nicola Sturgeon, said her identity was 'harvested' by hackers who falsely suggested she was an Ashley Madison member
'It was a whim. I would never have cheated on her.'
One Irish member said he had set up an account and told Dailymail.com he is married but was 'inquisitive' about meeting other women.
He said: 'I did sign up but never used the account. I'm a bit annoyed to be honest - I set it up with the intention of using it but was unable to access it due to work restrictions.
'Now my details are all over the internet'.
Divorce lawyers warned the hack could have disastrous consequences for marriages, even if no affair had taken place.
Elizabeth Hicks, a partner at legal firm Irwin Mitchell, said: 'While being on the list is obviously not proof of an affair, it is likely to erode the trust in the relationship.'
Ashley Madison had promised total discretion but senior staff reportedly raised concerns over security procedures in June.
Chief executive Noel Biderman had described the company's computer servers as 'kind of untouchable'.
Avid Life Media, based in Canada, condemned the hack as 'an act of criminality' and said the FBI and police were investigating.
LOTS OF STAMINA, BLINDFOLDING... BUT A TOUCH OF GENTLENESS: WHAT ASHLEY MADISON USERS ARE LOOKING FOR FROM ILLICIT AFFAIRS
There's no doubt that those who log on to the Ashley Madison website are looking for a rather eclectic mix of qualities from their illicit affairs.Perhaps unsurprisingly, one of those most popular options chosen by users is number 45, which requests 'lots of stamina'. There is also much demand for 'blindfolding', while more confident users hoping to live out their Christian Grey fantasies can opt for number 50: 'Someone I can teach'.In a section on their profile, account holders can describe what they are 'looking for' by listing a series of preferences in the bedroom, including 'erotic tickling' and 'dressing up/lingerie' (file picture)
Users can also reveal their preferred methods: erotic moves (number 34); erotic tickling (number 35); light, kinky fun (number 40) and experimenting with tantric sex (number 21). For those feeling a little experimental, they can select number 23 (which reads 'experimenting with sex toys') or 'dressing up/lingerie', which is listed as number 32.
Other items on the list include gentleness, bondage, fetishes, spanking, role play, sex talking and the ever-so-discreet option of 'good with your hands'.
Meanwhile, some users opt for transvestism, while others prefer aggressiveness. For those on the other end of the scale craving a bit of romance, there is the option of a 'bubble bath for two' (number 28) and 'cuddling and hugging' (number 29).
And for users who want a more straightforward arrangement, there is the ever-reliable number seven: conventional sex. A second section then asks users to describe what they are 'open to', allowing them to delve further into their sexual fantasies.
Choices include a 'Don Juan' (number 1), a 'Boy Next Door' (number 47) and a 'Bad Boy' (number 36), while some even select the more perverse option of a 'father figure' (number 51). People can also request a 'Sugar Daddy' or a 'Sugar Baby'.
Users can also go into detail about what they want physically from the person, including tattoos, body piercings and 'casual jeans/t-shirt types'.
There are also options for tall height, short height, long hair, short hair and BBW - the abbreviation for Big Beautiful Women - as well as facial hair and a 'full-sized body'.
For those who are care about the personality of their sexual partner, there are those who can opt for 'hopeless and romantic,' while others can select 'relaxed and easygoing' and 'creative and adventurous'.
For some users, a 'secret love nest' is an important factors, while others request 'imagination' and a 'high sex drive' in the mix.
And for the more cautious, the popular selections are 'disease free' (number 55) and, for a website of this nature, the all-important number 11: discretion.
On Wednesday, they denied credit card details were accessed in the leak and opened members up to fraud, but admitted some of the information was legitimate.'There has been a substantial amount of postings since the initial posting, the vast majority of which have contained data unrelated to AshleyMadison.com but there has also been some data released that is legitimate.
'Furthermore, we can confirm that we do not - nor ever have - store credit card information on our servers'.
Many members say there is evidence that their credit card numbers were taken and the company is wrong. 24 hours earlier they released a full statement on the attack but haven't commented in response to the second wave of information.
'We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort', it said.
'Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.
'This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities.
'The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world.
'We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.'
In a statement posted with the hacked data, Impact Team attacked the 'fraud, deceit and stupidity' of the site and its members.
'Find yourself in here? It was ALM that failed you and lied to you.'