The hackers may already have left one clue about who they are.
And records indicating the last login dates for Ashley Madison customers show July 11 as the final day they signed in, suggesting the hackers grabbed no customer data after this.
The recent dates don't mean the hackers weren't in the company's network for longer than this, however—the amount and variety of data grabbed and the number of servers from which they took it indicate they did extensive reconnaissance to map the network and figure out where valuable data was located.
The release of source code is also problematic for another reason—it exposes the company's intellectual property to anyone who wants to design a similar business.
For a company that had hoped to raise $200 million for an IPO on the London Stock Exchange this fall, that's a potentially big blow."With this second data dump, I believe Impact Team wants to destroy Ashley Madison and Avid Life Media," says Per Thorsheim, a security researcher in Norway who has been analyzing the data. In an interview with Motherboard, the hackers said they have 300 GB of employee emails in their possession, plus tens of thousands of Ashley Madison user pictures as well as user messages."1/3 of pictures are dick pictures and we won't dump," they told Motherboard. Maybe other executives."None of this bodes well for other companies who may engage in practices that hackers don't like.
This kind of attack targets a vulnerability in a software application running on the site in order to cause the site's backend SQL databases to spill their data. You could use Pass1234 from the internet to VPN to root on all servers."In an initial interview after the breach was first reported in July, Avid Life Media CEO Noel Biderman suggested the perpetrator may have been a former contractor or someone else who had legitimate access to the company’s networks at one time."We’re on the doorstep of [confirming] who we believe is the culprit,..." Biderman told Krebson Security last month.