clock menu more-arrow no yes mobile

Filed under:

The second Ashley Madison leak is mostly source code

When a second cache of data from the Ashley Madison hack was published earlier today, reporters rushed to download and sort through the contents, expecting internal data akin to the leak published earlier this week. But now that The Verge has spent some time looking through the data, it appears to be something significantly more innocuous, primarily detailing the backend operations of Avid Life Media's various web properties.

The bulk of the data is divided between 10 tgz or "tarball" files, along with a 7z mail archive file named for Avid Life Media CEO Noel Biderman.

For most observers, the email archive was the most tempting, promising internal communications and potentially more insight into the lawsuit over fake profiles that Ashley Madison fended off earlier this year. But our attempts to open the archive yielded an error message, and we weren't the only ones. The file appears to have been corrupted during the archiving process, and while it's still possible that the attackers will release an uncorrupted version of the file later on, it's also possible the data was corrupted during retrieval and is simply unrecoverable in its current form. It still may be possible to retrieve portions of the data using more advanced forensics, but whatever is retrieved will likely be incomplete.

Aside from the email archive, most of the data in the tgz files constitute source code for Avid Life Media's various web sites, including Ashley Madison itself and the couple-swapping site Swappernet. The code shows the back end for the sites, detailing architecture for various forms and password modules. Much of the recent development work is also visible in the code, including recent patches and commits made by ALM's developers.

That goes a long way towards verifying Impact Team's claim to have extensive access to ALM servers, but it doesn't do much beyond that. It's possible that Impact Team has more in store, and corrupted or not, the inclusion of the Biderman archive suggests at least the possibility of access to internal email archives, an unsettling and powerful technique in previous hacks. But judging by this release, the most serious damage to Ashley Madison and its users may have already been done.