Data Protection Report - Norton Rose Fulbright

The hackers behind the Ashley Madison attack, who call themselves the “Impact Team,” have continued to release user and internal data on the dark web.

As reported in our sister publication, Financial Institutions Legal Snapshot, the first data dump consisted of 10 gigabytes of personal data, including account details, log-in information, and credit card and other payment transaction details for more than 30 million users of the site.  The Impact Team warned that it would continue to leak data on a daily basis (including the legal names of users) until Ashley Madison and its related site, EstablishedMen, were shut down.

A few days later, the Impact Team struck again, leaking almost 20 gigabytes of internal data mined from Ashley Madison’s internal operations, including the site’s source code and emails from the CEO of Ashley Madison’s parent company, Avid Life Media.

Some security experts have speculated that the breach may have been perpetrated by someone within the company.  John McAfee, founder of antivirus software company McAfee, declared in an International Business Times article that the site was “not hacked,” alleging that the sole female employee of Avid Life Media was behind the attack.

“A hacker is someone who uses a combination of high-tech cybertools and social engineering to gain illicit access to someone else’s data,” McAfee wrote. “But this job was done by someone who already had the keys to the Kingdom. It was an inside job.”

Authorities continue to investigate the breach, and have not opined on allegations that it was an inside job.  The identity of the Impact Team remains unknown, with Ashley Madison offering a CAD 500,000 reward for information leading to the arrest of those responsible for the attack.

To subscribe for updates from our Data Protection Report blog, visit the email sign-up page.