Skip to main content

Here’s every type of data exposed in the Ashley Madison hack

Here’s every type of data exposed in the Ashley Madison hack

Share this story

There are plenty of ways to look up whether your information has been exposed in the Ashley Madison hack — all you need is an email address. And while that alone certainly speaks volumes, email addresses are just a small sliver of the information found in the nearly 10GB data dump (compressed total file size) containing what looks to be over 36 million Ashley Madison accounts and 9 million individual credit card transactions.

The amount of data tied to each account, found across numerous spreadsheets, is as mind-bending as the messy ramifications and may include some (if not all) of the following:

  • Creation date and last updated date, down to the second
  • Account type and membership status (listed as a 0, 1, 2, or 3)
  • First and last name (at least, the one given) and nickname
  • Listed street address, including city, state, zip code, and in some cases even the latitude and longitude lines
  • Up to three phone numbers, including work and mobile (if provided)
  • Gender (approximately 27 million male-identified and 4.4 million female-identified accounts, which is about a 6-to-1 ratio with 2 million undetermined)
  • Date of birth
  • Profile caption (examples include "No Games Please." and "I May Be Spoken 4 But I Speak 4 Myself")
  • Weight and height, the latter of which seems to be listed in centimeters
  • Certain attributes — ethnicity, body type, whether you drink or smoke, what you're initially seeking, and what you're relationship status is — are listed as just a number instead of a full text value. There's no key provided, but certain numbers can be discerned in context (e.g. ethnicity "1" seems to be white, while "3" is Asian)
  • What you're open to, what you're looking for, and what turns you on — all listed as an array of numbers (presumably corresponding to a menu of options), a self-submitted description, or a combination of the two
  • Security questions (listed as a number; for example "2" might represent what high school you went to) and answers (in text)

As far as passwords go, everything seems to be protected using bcrypt, which is to say you might be okay provided you used a strong enough password. Security questions are listed as a number, presumably referencing some other data (for example, "2" seems to be what high school you went to), and security answers are given in text.

9,693,860 credit card transactions between 2008 and 2015

Then there is almost 3GB of transaction data — 2,643 CSV files in all, each of which seems to represent an individual day between March 21st, 2008 and June 28th, 2015, although there are 2,655 days in between. Early estimates suggest there are 9,693,860 credit card transactions listed in total.

Each transaction listed has the a timestamp (tracked to the nearest minute), the last four digits of the credit card, the "brand" of card (VI for Visa, MC for Master Card, AM for American Express, DI for Discover), the reported amount of the transaction, the full name (presumably legit for billing purposes) and email address associated with the card, and several columns of other information we currently can't discern.

Those 9.69 million transactions don't represent individual users, mind you — many people were repeat customers several times over. This is just a sampling of what can be found with even a cursory glance at the leaked data, and while the full extent of information varies by account, if you've ever used Ashley Madison, this should definitely give you cause for concern.