The Ashley Madison hacker was reportedly identified by security specialist Brian Krebs. On his blog, the specialist discusses how he tracked the massive breach to Twitter user Thadeus Zu. Although the suspected hacker vehemently denies the accusation, Krebs believes he has proven his case.
With the motto “Life is Short, Have an affair,” Ashley Madison was designed to help married men and women meet for discreet sexual encounters.
As stated on the official website, Ashley Madison has “over 39,855,000 anonymous users” worldwide. However, members soon learned they were not as anonymous as they had hoped.
On July 15, 2015, a group of hackers, identified only as The Impact Team, claimed to have access to the company’s massive user database. The information included member names, email addresses, personal preferences, and credit card information.
As reported by Business Insider, The Impact Team threatened to make the information available to the public — unless Ashley Madison agreed to shut down their infamous website.
According to the hackers, Ashley Madison offered members a “full delete” of their dating profile and personal information for a fee of $19. However, their parent company, Avid Life Media, failed to ensure the information was removed from their database.
“Users almost always pay with credit card; their purchase details are not removed as promised… Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online.”
As Avid Life Media refused to meet the hackers’ demands, The Impact Team released the membership information between August 18 and 21. The leaked data includes the names and email addresses of more than 30 million Ashley Madison members.
Brian Krebs claims he was initially contacted by The Impact Team on July 20. In addition to discussing the breach, the hackers reportedly provided the security specialist with a link to the source code cache.
Later that same evening, Twitter user Thadeus Zu provided a link to the same source code cache. As neither Krebs, nor The Impact Team, publicized the link — the security specialist became suspicious.
According to a report by the Toronto Police Department, Avid Life Media received an unusual warning from The Impact Team before the data was actually breached.
As discussed by Krebs on Security, “Avid Life employees first learned about the breach on July 12… when they came into work, turned on their computers and saw a threatening message from the Impact Team accompanied by the anthem ‘Thunderstruck’ by Australian rock band AC/DC… “
In his blog, Brian Krebs notes several occasions when Thadeus Zu, an admitted hacker, mentioned AC/DC and the song “Thunderstruck” on his Twitter account.
Krebs became convinced his suspicions were correct when “Thadeus Zu tweeted about the downloadable Ashley Madison data more than 24 hours before news outlets picked up on the cache.”
Looks like @deuszu has deleted all tweets before Aug. 23, 2015 (all 100k of them). Fortunately, I have them all indexed. Stay tuned.
— briankrebs (@briankrebs) August 26, 2015
Thadeus Zu continues to deny that he is the Ashley Madison hacker. However, Brian Krebs said he found far too much evidence suggesting otherwise.
[Image via Shutterstock]