This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-34041039
The article has changed 5 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| Ashley Madison: Boss's emails examined after leak | Ashley Madison: Boss's emails examined after leak |
| (35 minutes later) | |
| A swathe of emails from the inbox of Ashley Madison's chief executive is now being scoured by a variety of security experts and journalists. | A swathe of emails from the inbox of Ashley Madison's chief executive is now being scoured by a variety of security experts and journalists. |
| The 30 gigabyte dump of stolen data appears to include nearly 200,000 emails belonging to Noel Biderman. | The 30 gigabyte dump of stolen data appears to include nearly 200,000 emails belonging to Noel Biderman. |
| Some experts have decided not to view the contents, but certain details are being distributed via Twitter. | Some experts have decided not to view the contents, but certain details are being distributed via Twitter. |
| There has also been more fallout from the release of an earlier batch of data including Ashley Madison user emails. | There has also been more fallout from the release of an earlier batch of data including Ashley Madison user emails. |
| TrustedSec, a US security firm, has published a blog in which it verifies the basic details of the email data, released last week. | TrustedSec, a US security firm, has published a blog in which it verifies the basic details of the email data, released last week. |
| The company says the files amount to 30 gigabytes' worth and regard 6,800 unique senders and 3,600 unique recipients. | The company says the files amount to 30 gigabytes' worth and regard 6,800 unique senders and 3,600 unique recipients. |
| The veracity of the most recent data dump has also been confirmed by Norwegian security researcher Per Thorsheim, who was able to decompress the files despite the fact that they were initially corrupted. | The veracity of the most recent data dump has also been confirmed by Norwegian security researcher Per Thorsheim, who was able to decompress the files despite the fact that they were initially corrupted. |
| "I saw one email or two emails and I could verify the sender, the recipient, the domains and everything so it has to be an email from the CEO's mailbox," he told the BBC. | "I saw one email or two emails and I could verify the sender, the recipient, the domains and everything so it has to be an email from the CEO's mailbox," he told the BBC. |
| "There's no doubt about that." | "There's no doubt about that." |
| However, Mr Thorsheim says that beyond verifying that the dump is real, he is not interested in reading the contents of the emails. | However, Mr Thorsheim says that beyond verifying that the dump is real, he is not interested in reading the contents of the emails. |
| The Motherboard news site has published excerpts of several of the emails, which appear to reveal discussions around Ashley Madison's security policy. | The Motherboard news site has published excerpts of several of the emails, which appear to reveal discussions around Ashley Madison's security policy. |
| Speaking to the BBC, the security firm hired by Ashley Madison to investigate the hack said it appeared to have been carried out through unusual means. | Speaking to the BBC, the security firm hired by Ashley Madison to investigate the hack said it appeared to have been carried out through unusual means. |
| "I can say that unlike many similar attacks, where a remote attacker has been able to use a security vulnerability such as an SQL [programming language] injection in order to dump data directly, that was not the case here," said Joel Eriksson, a security expert at Cycura. | "I can say that unlike many similar attacks, where a remote attacker has been able to use a security vulnerability such as an SQL [programming language] injection in order to dump data directly, that was not the case here," said Joel Eriksson, a security expert at Cycura. |
| User impact | User impact |
| Meanwhile, users who have been linked to Ashley Madison by email addresses found in an earlier release of data have been the subject of uninvited scrutiny. | Meanwhile, users who have been linked to Ashley Madison by email addresses found in an earlier release of data have been the subject of uninvited scrutiny. |
| Troy Hunt, who has been blogging about the implications of the hack, has described the case of church leader (who he chose not to identify) who had contacted a member of their own congregation, whose email address was linked to an Ashley Madison account. | Troy Hunt, who has been blogging about the implications of the hack, has described the case of church leader (who he chose not to identify) who had contacted a member of their own congregation, whose email address was linked to an Ashley Madison account. |
| Hunt says that he has also received a "huge number of enquiries" from worried individuals who are concerned that they may be associated with Ashley Madison, whether or not they have actually created an account on the website themselves. | Hunt says that he has also received a "huge number of enquiries" from worried individuals who are concerned that they may be associated with Ashley Madison, whether or not they have actually created an account on the website themselves. |
| "People are desperate to get the data," he told the BBC. | "People are desperate to get the data," he told the BBC. |
| "They're resorting to things that could get them into hot water, like trying to download the data themselves. | "They're resorting to things that could get them into hot water, like trying to download the data themselves. |
| "I don't think it's right for the individuals in the Ashley Madison database to have their personal lives put on display," he added. "Very often these people are entirely innocent." | "I don't think it's right for the individuals in the Ashley Madison database to have their personal lives put on display," he added. "Very often these people are entirely innocent." |
| Mr Hunt and others have warned that users may be the subject of blackmail and extortion attempts. | Mr Hunt and others have warned that users may be the subject of blackmail and extortion attempts. |
| Indeed, security blogger Brian Krebs reported last week that spam emails demanding Bitcoin payments were targeting email addresses found in the Ashley Madison data. | |
| Data damage | Data damage |
| Although the implications of the data's release are still to be determined, some commentators are already pointing out that they could be far-reaching. | Although the implications of the data's release are still to be determined, some commentators are already pointing out that they could be far-reaching. |
| Two law firms have launched a class action lawsuit against Ashley Madison in recent days, and it is possible that the plaintiffs would seek to use information from the chief executive's leaked emails to help build a case, according to Mark Watts, head of data protection at London law firm Bristows. | Two law firms have launched a class action lawsuit against Ashley Madison in recent days, and it is possible that the plaintiffs would seek to use information from the chief executive's leaked emails to help build a case, according to Mark Watts, head of data protection at London law firm Bristows. |
| "If the emails sent to/from the CEO are relevant to the case (ie to the class action) then I suspect that the lawyers involved would seek to rely upon them if they are helpful to the case," he told the BBC. | "If the emails sent to/from the CEO are relevant to the case (ie to the class action) then I suspect that the lawyers involved would seek to rely upon them if they are helpful to the case," he told the BBC. |
| Watts explained that even though the emails have been obtained illegally, any relevant correspondence to the case would probably have been discovered later anyway as part of the legal process. | Watts explained that even though the emails have been obtained illegally, any relevant correspondence to the case would probably have been discovered later anyway as part of the legal process. |
| "Essentially, the claimants' lawyers would just be getting them early," he said. | "Essentially, the claimants' lawyers would just be getting them early," he said. |