Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | ... | 17
855 posts

Ultimate Geek


  # 1370717 20-Aug-2015 09:51
Send private message

mrtoken: there is a couple of problems.

Notice this in the story

A lawsuit "See Ashley Madison fake profile lawsuit; 90-95 per cent of actual users are male."
Sounds like there are a lot of fake woman profiles made by the owners of the site.

And 
But as Wired notes, Ashley Madison's sign-up process does not require verification of an email address to set up an account.
So anyone could put in Johns email address without john knowing 





There are so many that there is a lawsuit from a woman who claims that she developed RSI from creating fake profiles. In their court filings A-M did not deny that the woman was employed to create fake profiles.

2091 posts

Uber Geek


  # 1370718 20-Aug-2015 09:53
Send private message

A lot of news sites have made the same point: There is NOTHING stopping someone from creating an account with a fake email address/someone else's email address.

That being said - I hope some people get nailed by this. 100% deserved, zero sympathy.

 
 
 
 


BDFL - Memuneh
64227 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1370791 20-Aug-2015 10:58
2 people support this post
Send private message

Let's see...

 

  • 95% Male
  • 5% Female with high chances of these being fake profiles anyway
  • Charged to delete profiles
  • Didn't delete profiles even after being paid to do so
  • Didn't verify email addresses
Sounds legit.





523 posts

Ultimate Geek
Inactive user


  # 1370816 20-Aug-2015 11:34
Send private message

freitasm: Let's see...

 

  • 95% Male
  • 5% Female with high chances of these being fake profiles anyway
  • Charged to delete profiles
  • Didn't delete profiles even after being paid to do so
  • Didn't verify email addresses
Sounds legit.



I guess the fact that it did not verify email addresses is not really that important.
The dump includes peoples credit card numbers, payment transaction, names, addresses etc... That sort of information quiet easily ties users to the website. Verified email address or not. 



2914 posts

Uber Geek

Lifetime subscriber

  # 1370833 20-Aug-2015 12:16
Send private message

DizzyD:
freitasm: Let's see...

 

  • 95% Male
  • 5% Female with high chances of these being fake profiles anyway
  • Charged to delete profiles
  • Didn't delete profiles even after being paid to do so
  • Didn't verify email addresses
Sounds legit.



I guess the fact that it did not verify email addresses is not really that important.
The dump includes peoples credit card numbers, payment transaction, names, addresses etc... That sort of information quiet easily ties users to the website. Verified email address or not. 


Soooo... how do they validate credit card numbers and transactions? If I was (say) a waitress with a grievance and a ponytail, could I have recorded JK's CC details, and then enrolled JK at AM without his knowledge (and at his own expense), either with his real email address or some other email address?

35 posts

Geek


  # 1370834 20-Aug-2015 12:17
Send private message

Lias: As others have noted the torrent is linked at TPB and other places, but I have a copy of the dump if anyones particularly worried just send me your email address :-)


How do I know you won't just add my email address to the list??? :)

286 posts

Ultimate Geek


  # 1370842 20-Aug-2015 12:29
Send private message

read comments for info on places you can test addresses.

http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/#more-32023

best security blog imo.




 
 
 
 


523 posts

Ultimate Geek
Inactive user


  # 1370845 20-Aug-2015 12:34
Send private message

frankv:
DizzyD:
freitasm: Let's see...

 

  • 95% Male
  • 5% Female with high chances of these being fake profiles anyway
  • Charged to delete profiles
  • Didn't delete profiles even after being paid to do so
  • Didn't verify email addresses
Sounds legit.



I guess the fact that it did not verify email addresses is not really that important.
The dump includes peoples credit card numbers, payment transaction, names, addresses etc... That sort of information quiet easily ties users to the website. Verified email address or not. 


Soooo... how do they validate credit card numbers and transactions? If I was (say) a waitress with a grievance and a ponytail, could I have recorded JK's CC details, and then enrolled JK at AM without his knowledge (and at his own expense), either with his real email address or some other email address?


Most online services/stores validate credit card numbers when you pay for a service on their website. (They taking your money)
Therefore if you were ever a legitimate user on the site, you probably used your credit card sometime to make a payment to them. When entering your CC number you would have had to enter the CC number, expiry, and CCV code, and possibly address. (ever tried to make a payment online with an incorrect name/address tied to your card?) From what I have read, all of this information is available in the data dumps.

Pretty scary to say the least. This is a breach like no other.

As for the waitress, with a grievance, sure that can happen too.

The real question. If your looked up your spouse's email address in the dump, he is she listed as a paid subscriber, you found his/her exact credit card number, address, phone number, birthday, and a couple of other things. You even see the dates of the credit card transactions for payments made to the site. Are you going to believe them when they say they had nothing to do with it? 

http://qz.com/482875/whats-in-the-ashley-madison-database-that-hackers-released-online/

The breach contains data on 32 million Ashley Madison users, including names, usernames, addresses, phone numbers, and birth dates. The data also include users’ descriptions of themselves, often revealing their intentions in using the site—things like “I May Be Spoken 4 But I Speak 4 Myself” and “Let’s start as friends…”

It also reveals several million individual credit card transactions that went to Ashley Madison. Each of these indicates the name of the person involved, their address, the last four digits of their credit card number, and the amount paid, among other information. Here is a sample transaction, with every piece of data changed—keep in mind there are over 9 million more of these:







jmh

458 posts

Ultimate Geek

Subscriber

  # 1370859 20-Aug-2015 12:59
Send private message

Some time ago I signed up for a dating site because I heard that someone I knew was on there.  I logged in, had a look around and then left.  Didn't put up a profile or anything.  Fortunately they allowed me to delete my account.  It sounds really dodgy that they charge for you to delete an account. Still I guess they don't feel they need to take the moral high ground given the point of the site.



1388 posts

Uber Geek

Lifetime subscriber

  # 1370910 20-Aug-2015 14:57
Send private message

You can search email address database here.

https://ashley.cynic.al/




Ding Ding Ding Ding Ding : Ice cream man , Ice cream man


6952 posts

Uber Geek

Trusted

  # 1370914 20-Aug-2015 15:06
Send private message

Ironically this is probably good advertising for this site.  I'm not in need of these types of services personally, but had never heard of the site before now.



JWR

762 posts

Ultimate Geek


  # 1370927 20-Aug-2015 15:44

Presso: You can search email address database here.

https://ashley.cynic.al/


I'd advise against giving your email to a site like this.

15025 posts

Uber Geek


  # 1370929 20-Aug-2015 15:53
Send private message

jmh: Some time ago I signed up for a dating site because I heard that someone I knew was on there.  I logged in, had a look around and then left.  Didn't put up a profile or anything.  Fortunately they allowed me to delete my account.  It sounds really dodgy that they charge for you to delete an account. Still I guess they don't feel they need to take the moral high ground given the point of the site.




I think this is quite common. I think many wives and husbands probably also catch their partners out, by setting up a fake account and seeing if they are on it. This is why you have a disposable email account, such as one your ISP gives you.

1892 posts

Uber Geek


  # 1370946 20-Aug-2015 16:22
One person supports this post
Send private message

LOL @ the .govt.nz addresses!

 


It's like the herald's wet dream has come true.





Sometimes what you don't get is a blessing in disguise!

82 posts

Master Geek


  # 1370950 20-Aug-2015 16:27
Send private message

fizzychicken: read comments for info on places you can test addresses.

http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/#more-32023

best security blog imo.


I read this blog often, and the information on there stating that most, if not all, of the 'leaked databases' (and there are plenty of different ones) are fake is pretty convincing.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | ... | 17
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New AI legaltech product launched in New Zealand
Posted 21-Aug-2019 17:01


Yubico launches first Lightning-compatible security key, the YubiKey 5Ci
Posted 21-Aug-2019 16:46


Disney+ streaming service confirmed launch in New Zealand
Posted 20-Aug-2019 09:29


Industry plan could create a billion dollar interactive games sector
Posted 19-Aug-2019 20:41


Personal cyber insurance a New Zealand first
Posted 19-Aug-2019 20:26


University of Waikato launches space for esports
Posted 19-Aug-2019 20:20


D-Link ANZ expands mydlink ecosystem with new mydlink Mini Wi-Fi Smart Plug
Posted 19-Aug-2019 20:14


Kiwi workers still falling victim to old cyber tricks
Posted 12-Aug-2019 20:47


Lightning Lab GovTech launches 2019 programme
Posted 12-Aug-2019 20:41


Epson launches portable laser projector
Posted 12-Aug-2019 20:27


Huawei launches new distributed HarmonyOS
Posted 12-Aug-2019 20:20


Lenovo introduces single-socket servers for edge and data-intensive workloads
Posted 9-Aug-2019 21:26


The Document Foundation announces LibreOffice 6.3
Posted 9-Aug-2019 16:57


Symantec sell enterprise security assets for US$ 10.7 billion to Broadcom
Posted 9-Aug-2019 16:43


Artificial tongue can distinguish whisky and identify counterfeits
Posted 8-Aug-2019 20:20



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.