Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicAnybody believe this guy - Ashley Madison leak
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | ... | 17
jpoc
1043 posts

Uber Geek


  #1370717 20-Aug-2015 09:51
Send private message

mrtoken: there is a couple of problems.

Notice this in the story

A lawsuit "See Ashley Madison fake profile lawsuit; 90-95 per cent of actual users are male."
Sounds like there are a lot of fake woman profiles made by the owners of the site.

And 
But as Wired notes, Ashley Madison's sign-up process does not require verification of an email address to set up an account.
So anyone could put in Johns email address without john knowing 





There are so many that there is a lawsuit from a woman who claims that she developed RSI from creating fake profiles. In their court filings A-M did not deny that the woman was employed to create fake profiles.



wasabi2k
2096 posts

Uber Geek


  #1370718 20-Aug-2015 09:53
Send private message

A lot of news sites have made the same point: There is NOTHING stopping someone from creating an account with a fake email address/someone else's email address.

That being said - I hope some people get nailed by this. 100% deserved, zero sympathy.

freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1370791 20-Aug-2015 10:58
Send private message

Let's see...

 

  • 95% Male
  • 5% Female with high chances of these being fake profiles anyway
  • Charged to delete profiles
  • Didn't delete profiles even after being paid to do so
  • Didn't verify email addresses
Sounds legit.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup



DizzyD
523 posts

Ultimate Geek
Inactive user


  #1370816 20-Aug-2015 11:34
Send private message

freitasm: Let's see...

 

  • 95% Male
  • 5% Female with high chances of these being fake profiles anyway
  • Charged to delete profiles
  • Didn't delete profiles even after being paid to do so
  • Didn't verify email addresses
Sounds legit.



I guess the fact that it did not verify email addresses is not really that important.
The dump includes peoples credit card numbers, payment transaction, names, addresses etc... That sort of information quiet easily ties users to the website. Verified email address or not. 

frankv
5680 posts

Uber Geek

Lifetime subscriber

  #1370833 20-Aug-2015 12:16
Send private message

DizzyD:
freitasm: Let's see...

 

  • 95% Male
  • 5% Female with high chances of these being fake profiles anyway
  • Charged to delete profiles
  • Didn't delete profiles even after being paid to do so
  • Didn't verify email addresses
Sounds legit.



I guess the fact that it did not verify email addresses is not really that important.
The dump includes peoples credit card numbers, payment transaction, names, addresses etc... That sort of information quiet easily ties users to the website. Verified email address or not. 


Soooo... how do they validate credit card numbers and transactions? If I was (say) a waitress with a grievance and a ponytail, could I have recorded JK's CC details, and then enrolled JK at AM without his knowledge (and at his own expense), either with his real email address or some other email address?

fortydayweekend
35 posts

Geek


  #1370834 20-Aug-2015 12:17
Send private message

Lias: As others have noted the torrent is linked at TPB and other places, but I have a copy of the dump if anyones particularly worried just send me your email address :-)


How do I know you won't just add my email address to the list??? :)

fizzychicken
313 posts

Ultimate Geek


  #1370842 20-Aug-2015 12:29
Send private message

read comments for info on places you can test addresses.

http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/#more-32023

best security blog imo.




https://keybase.io/fizzychicken

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
DizzyD
523 posts

Ultimate Geek
Inactive user


  #1370845 20-Aug-2015 12:34
Send private message

frankv:
DizzyD:
freitasm: Let's see...

 

  • 95% Male
  • 5% Female with high chances of these being fake profiles anyway
  • Charged to delete profiles
  • Didn't delete profiles even after being paid to do so
  • Didn't verify email addresses
Sounds legit.



I guess the fact that it did not verify email addresses is not really that important.
The dump includes peoples credit card numbers, payment transaction, names, addresses etc... That sort of information quiet easily ties users to the website. Verified email address or not. 


Soooo... how do they validate credit card numbers and transactions? If I was (say) a waitress with a grievance and a ponytail, could I have recorded JK's CC details, and then enrolled JK at AM without his knowledge (and at his own expense), either with his real email address or some other email address?


Most online services/stores validate credit card numbers when you pay for a service on their website. (They taking your money)
Therefore if you were ever a legitimate user on the site, you probably used your credit card sometime to make a payment to them. When entering your CC number you would have had to enter the CC number, expiry, and CCV code, and possibly address. (ever tried to make a payment online with an incorrect name/address tied to your card?) From what I have read, all of this information is available in the data dumps.

Pretty scary to say the least. This is a breach like no other.

As for the waitress, with a grievance, sure that can happen too.

The real question. If your looked up your spouse's email address in the dump, he is she listed as a paid subscriber, you found his/her exact credit card number, address, phone number, birthday, and a couple of other things. You even see the dates of the credit card transactions for payments made to the site. Are you going to believe them when they say they had nothing to do with it? 

http://qz.com/482875/whats-in-the-ashley-madison-database-that-hackers-released-online/

The breach contains data on 32 million Ashley Madison users, including names, usernames, addresses, phone numbers, and birth dates. The data also include users’ descriptions of themselves, often revealing their intentions in using the site—things like “I May Be Spoken 4 But I Speak 4 Myself” and “Let’s start as friends…”

It also reveals several million individual credit card transactions that went to Ashley Madison. Each of these indicates the name of the person involved, their address, the last four digits of their credit card number, and the amount paid, among other information. Here is a sample transaction, with every piece of data changed—keep in mind there are over 9 million more of these:

jmh

jmh
458 posts

Ultimate Geek


  #1370859 20-Aug-2015 12:59
Send private message

Some time ago I signed up for a dating site because I heard that someone I knew was on there.  I logged in, had a look around and then left.  Didn't put up a profile or anything.  Fortunately they allowed me to delete my account.  It sounds really dodgy that they charge for you to delete an account. Still I guess they don't feel they need to take the moral high ground given the point of the site.

JaseNZ
2576 posts

Uber Geek

ID Verified
Lifetime subscriber

  #1370910 20-Aug-2015 14:57
Send private message

You can search email address database here.

https://ashley.cynic.al/




Ding Ding Ding Ding Ding : Ice cream man , Ice cream man

Jaxson
8041 posts

Uber Geek

Trusted

  #1370914 20-Aug-2015 15:06
Send private message

Ironically this is probably good advertising for this site.  I'm not in need of these types of services personally, but had never heard of the site before now.

JWR

JWR
821 posts

Ultimate Geek


  #1370927 20-Aug-2015 15:44

Presso: You can search email address database here.

https://ashley.cynic.al/


I'd advise against giving your email to a site like this.

mattwnz
20141 posts

Uber Geek


  #1370929 20-Aug-2015 15:53
Send private message

jmh: Some time ago I signed up for a dating site because I heard that someone I knew was on there.  I logged in, had a look around and then left.  Didn't put up a profile or anything.  Fortunately they allowed me to delete my account.  It sounds really dodgy that they charge for you to delete an account. Still I guess they don't feel they need to take the moral high ground given the point of the site.




I think this is quite common. I think many wives and husbands probably also catch their partners out, by setting up a fake account and seeing if they are on it. This is why you have a disposable email account, such as one your ISP gives you.

DravidDavid
1907 posts

Uber Geek


  #1370946 20-Aug-2015 16:22
Send private message

LOL @ the .govt.nz addresses!

 


It's like the herald's wet dream has come true.

notesgnome
116 posts

Master Geek

ID Verified
Lifetime subscriber

  #1370950 20-Aug-2015 16:27
Send private message

fizzychicken: read comments for info on places you can test addresses.

http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/#more-32023

best security blog imo.


I read this blog often, and the information on there stating that most, if not all, of the 'leaked databases' (and there are plenty of different ones) are fake is pretty convincing.

1 | 2 | 3 | 4 | 5 | 6 | 7 | ... | 17
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright