The release of source code is also problematic for another reason—it exposes the company's intellectual property to anyone who wants to design a similar business.For a company that had hoped to raise 0 million for an IPO on the London Stock Exchange this fall, that's a potentially big blow."With this second data dump, I believe Impact Team wants to destroy Ashley Madison and Avid Life Media," says Per Thorsheim, a security researcher in Norway who has been analyzing the data. In an interview with Motherboard, the hackers said they have 300 GB of employee emails in their possession, plus tens of thousands of Ashley Madison user pictures as well as user messages."1/3 of pictures are dick pictures and we won't dump," they told Motherboard. Maybe other executives."None of this bodes well for other companies who may engage in practices that hackers don't like.It's also interesting to note that the compressed files released Tuesday had already been prepared for distribution a month ago, when the Impact Team made their initial threat to release data if ALM didn't take down Ashley and another site it owns, Exceptional The Read Me file that accompanied the data dump this week, for example, has a July 19 timestamp."It looks to me that they got everything together on July 19 but didn't release it until a month later, if we are to believe the timestamps," says Erik Cabetas of Include Security, who wrote an analysis about the metadata in the files.
A version of email file hackers distributed Thursday turned out to be corrupted and couldn't be opened, but they reposted a new version today, which is still being downloaded by journalists.This kind of attack targets a vulnerability in a software application running on the site in order to cause the site's backend SQL databases to spill their data. You could use Pass1234 from the internet to VPN to root on all servers."In an initial interview after the breach was first reported in July, Avid Life Media CEO Noel Biderman suggested the perpetrator may have been a former contractor or someone else who had legitimate access to the company’s networks at one time."We’re on the doorstep of [confirming] who we believe is the culprit,..." Biderman told Krebson Security last month.Ashley Madison.com, however, was not hacked in this way, according to Joel Eriksson, CTO of Cycura, which is helping investigate the breach. "I’ve got their profile right in front of me, all their work credentials.The hackers have been good so far about operational security around their release of the data, according to Cabetas.They released files in the first batch of data, which contain little metadata compared to other types of files.Ashley Madison reportedly made 5 million last year, a 45 percent jump from 2013.