Analysts are poring over the latest details to emerge from the AshleyMadison hack and the implications for the company going forward. Since the hackers released their treasure trove Monday, we’re starting to get a sense of how big this hack really was.
Here’s what we know has been taken, by the numbers:
33 million accounts with user information, including names, street addresses and phone numbers
36 million email addresses
9.6 million documented transactions
10 GB of compressed data
This data was stolen on July 11, 2015. Anyone who registered an account after this date is probably safe — but anyone who registered before July 11 should consider some or all of their information compromised.
Passwords were encrypted in a relatively secured manner. But that doesn’t mean that a user’s individual password couldn’t be cracked.
It’s also important to note — as security researcher Graham Cluley points out — that if your email address is in the AshleyMadison database, it doesn’t mean you are or were a member of the site.
AshleyMadison apparently never bothered to confirm a user’s email address. Instead of having to click on a verification link in an email, a user could just enter in any email address they wanted in order to access the site.
As a result, there are tens of thousands of email addresses that could just be false. Plenty of members were using Bugmenot.com email addresses, and similar burner accounts.
Still, by all accounts, this data is real. And it’s not just user information that was leaked; internal corporate data was shared too.
Putting aside the schadenfreude and the moral judgments, what happened has the potential to be devastating to many individuals. And the data analysis is just getting started.