Unlike the first, which was primarily user data, this dump contains nearly 20 gigabytes of mostly internal data, including Avid Life Media CEO Noel Biderman's emails and Ashley Madison website source code.A 13 gigabyte file containing Biderman's email is found to be corrupted, and is quickly replaced with the release of a 19 gigabyte file of the CEO's email data.The leaked emails also included messages from Ashley Madison director of security Mark Steele warning Biderman of multiple cross-site scripting and cross-site request forgery vulnerabilities in their codebase. August 25-26, 2015: The data dumps continue with state-by-state leaks of personal data of Ashley Madison users from New Jersey, New York, California, Georgia, and Arkansas appearing on Pastebin.August 27, 2015: Just over a week after the first major data dump, reports of blackmail and identity theft targeting leaked Ashley Madison users surface.Impact Team's ransom message is accompanied by the AC/DC song "Thunderstruck."July 19, 2015: Impact Team publishes their warning message on Pastebin, this time setting a 30 day window for Avid Life Media to shut down the sites before the information is released.The warning is followed by an article from security journalist Brian Krebs announcing the Ashley Madison data breach.August 24, 2015: Following the announcement from the Toronto police, Ashley Madison offers a 0,000 bounty for information on Impact Team or the attack.
July 22, 2015: Impact Team releases the names and information of two Ashley Madison users - a man from Brockton, MA and a man from Ontario, Canada - in the first data leak to come from the hack.Citing numerous critical security risks for Ashley Madison's systems, Szathmari's discovery sheds some light on potential methods that could have been used in the attack.September 10, 2015: A blog post from a cracking group called Cyno Sure Prime exposes that Ashley Madison failed to use a robust encryption strategy for its user passwords, allowing the group to crack over 11MM passwords in just 10 days.August 19-20, 2015: As researchers continue to sift through the first data dump, search websites pop up that let users search to see if their email addresses were leaked.August 20, 2015: Impact Team leaks a second major dump of Ashley Madison data.
According to the group, "123456" was the most popular password amongst Ashley Madison users, with over 120k accounts using it to protect them. That's what we've seen so far - stay tuned for more on the Ashley Madison story.