Conservative christian TV star Josh Duggar (previously) was ditched by television after he admitted sexually abusing kids as an adolescent. Now he's being sued by a guy whose photo he allegedly stole and used on hookup sites. [via]

Josh Duggar is headed for a jury trial in the Ashley Madison lawsuit brought against him by a D.J. and model. The latter is claiming damages, after alleging Duggar family’s eldest child used his images on the adult website.

Los Angles-based D.J. Matthew McCarthy has alleged Josh Duggar stole his image for use on Ashley Madison and OkCupid to solicit sex. Josh’s actions reportedly brought him infamy and led to loss of work, People reported, while quoting from the lawsuit McCarthy filed. The D.J. further alleged that his “religious” family was hurt and the reality star’s actions were malicious and deliberate.

It seems quite the self-own: finding a more handsome person who strongly resembles but would never actually be mistaken for oneself, stealing their photo for use on Ashley Madison, then getting caught. Read the rest

Adultfriendfinder, "the world's largest sex & swinger community," has suffered a major breach, leaking 300,000,000 accounts' worth of personal information, namely email addresses, passwords, usernames, IP addresses and browser information. Read the rest

Now that 11.7 million Ashley Madison users' passwords been shown to be crackable, we're learning that password security has not improved since the last giant dump of user passwords. Read the rest

A flaw in the fraudulent dating site's password hashing means that at least 15 million of its users' passwords are liable to decryption. Read the rest

Avid Life Media is full of genuinely nasty people. Good luck with your next thing, gentlemen. Read the rest

Security blogger Brian Krebs is among those hot on the trail, and he "may have a new lead," according to the New York Times.

On Wednesday, Brian Krebs, the well-known security blogger posited a new theory about who may have hacked the site, which helps arrange extramarital affairs. Mr. Krebs zeroed in on a Twitter user named Thadeus Zu (@deuszu), who posted a link to Ashley Madison’s stolen, proprietary source code before the information was made public this month.

Some apparent problems with this hypothesis have already been noted, but the operator of the @deuszu account is doing his or her best to look guilty.

I want @briankrebs to come forward and lay it down on my fucking face. Bring all that evidence and proof and we can have a public dialogue.

— Thadeus Zu (@deuszu) August 27, 2015

Bring on it on @briankrebs.

— Thadeus Zu (@deuszu) August 27, 2015

THIS ENDS HERE.

— Thadeus Zu (@deuszu) August 27, 2015

I am looking forward to dragging @briankrebs to court, amigo.

— Thadeus Zu (@deuszu) August 27, 2015

RT @deuszu: I am looking forward to dragging @briankrebs to court, amigo. < Do that, genius. You have to actually, you know, show up.

— briankrebs (@briankrebs) August 27, 2015

Reminder: the site was probably just a scam with only a handful of legitimate female participants. Little can be implied about its users beyond stupidity. Read the rest

Annalee Newitz reports that very few of the female profiles at the hacked site appear to represent real people.

The world of Ashley Madison was a far more dystopian place than anyone had realized. This isn’t a debauched wonderland of men cheating on their wives. It isn’t even a sadscape of 31 million men competing to attract those 5.5 million women in the database. Instead, it’s like a science fictional future where every woman on Earth is dead, and some Dilbert-like engineer has replaced them with badly-designed robots.

Her examination of the dataset (generally described as representing about 37m accounts) is that there were perhaps 12,000 paying women users. Which means, of course, that very few of the paying male users were actually having affairs. Of that total, only 1,492 female-profile users ever checked their messages, compared to 20m men.

One thousand, four-hundred and ninety-two.

Ashley Madison employees did a pretty decent job making their millions of women’s accounts look alive. They left the data in these inactive accounts visible to men, showing nicknames, pictures, sexy comments. But when it came to data that was only visible on to company admins, they got sloppy. The women’s personal email addresses and IP addresses showed marked signs of fakery. And as for the women’s user activity, the fundamental sign of life online? Ashley Madison employees didn’t even bother faking that at all.

Here's what Ashley Madison is: a swizz. You pay up to "have an affair", you get strung along for a while, you realize the site is garbage, then you pay the "fee" to have your data deleted. Read the rest

David, a 43-year-old Californian, told Kristen V. Brown of Fusion why he has been a happy Ashley Madison member for nearly a decade. He signed up, he says, because his wife wasn't interested in having sex with him. Read the rest

Emails sent by the "have an affair" dating network's CEO suggest the firm "hacked" rival Nerve.com in 2012, taking its user database.

Brian Krebs:

“They did a very lousy job building their platform. I got their entire user base,” [Ashley Madison CTO Raja] Bhatia told [CEO Noel] Biderman via email, including in the message a link to a Github archive with a sample of the database. “Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.”

Neither Bhatia nor Biderman could be immediately reached for comment. KrebsOnSecurity.com spoke with Bhatia last week after the Impact Team made good on its threat to release the Ashley Madison user database. At the time, Bhatia was downplaying the leak, saying that his team of investigators had found no signs that the dump of data was legitimate,

Alas, it was for real. Ashley Madison charged its users to have their personal data wiped, but did not do so, and now that data is out in the wild. Read the rest

Raja Bhatia was the original CTO of Avid Media, Ashley Madison's parent company; in an email to Avid CEO Noel Biderman in the latest Ashley Madison dump, he hacked the back-end of Nerve, a competing dating site. Read the rest

Heather Havrilesky explains that the moralizing and schadenfruede around the leak has obscured what it means for everyone, even those of us who don't sign up to cheat on our partners: everyone has something to hide.

This isn't just a particularly suspenseful episode of Mr. Robot we're witnessing. The world is changing quickly, and real lives are being destroyed by the recklessness at play on civic, corporate, and individual levels. Every other day, there are new security breaches, and more private information is shared with strangers. Simply proclaiming that all of our secrets will be revealed, or naïvely asserting that you have nothing to hide — this is the behavior of citizens who don’t know history, or who've surrendered completely to a modern sense of learned helplessness, or who simply don't care about protecting the weakest or the most vulnerable among us. Yes, that includes cheaters. It includes all of us. We are all vulnerable now. We are all at risk.

And here's Glenn Greenwald on the smarmy moralizing going on: "whatever else is true, adultery is a private matter between the adulterer and his or her spouse." Read the rest

Self-proclaimed Ashley Madison hackers the Impact Team today released what looks like another 20 gigabytes of ill-gotten data. The just-dropped “other shoe” includes emails from the cheater-dating website's CEO. Read the rest

-Bruce Sterling Read the rest

The company is shotgunning DMCA notices against journalists and others who reproduce even the tiniest fraction of the dump of users who signed up to find partners with whom to cheat on their spouses -- included in the dump are thousands of people who paid $15 to have their data permanently deleted from the service. Read the rest

A vast data dump, purportedly exposing millions of users of a hookup service for cheating spouses, has been confirmed.

In a statement, Ashley Madison spokesman Anthony Macri (right) said the dump was a criminal act. He didn't mention that the company had kept the data, for reasons unknown, after charging its users to have it permanently deleted.

This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.

The 10GB tranche exposes 37m accounts from a site marketed explicitly at people who wanted to cheat on their partners. It includes names, addresses, emails, card numbers, transactions and other personally-identifying information. Security researcher Brian Krebs says that it's the real deal.

I’ve now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database. Also, it occurs to me that it’s been almost exactly 30 days since the original hack.

Hackers seeking to bring down undercover dating website Ashely Madison have released personal data for two of its anonymous, affair-seeking users. Read the rest