Report: Ashley Madison Data Leak Was an Inside Job

Report: Ashley Madison Data Leak Was an Inside Job

LOS ANGELES — If Internet security expert John McAfee is correct, the much publicized data breach of adult affair site AshleyMadison.com was an inside job.

In an article for International Business Times, John McAfee claims that Ashley Madison was not hacked, but its most private data — including sensitive consumer information — was stolen by a female employee of parent company Avid Life Media, who was working on her own.

McAfee has been analyzing the 40GB data dump, and determined that it was the result of a lone wolf attacker with intimate access to the company’s systems.

“A hacker is someone who uses a combination of high-tech cybertools and social engineering to gain illicit access to someone else’s data,” McAfee wrote. “But this job was done by someone who already had the keys to the Kingdom. It was an inside job.”

“Any adept social engineer would have easily seen this from the wording in the first manifesto published by the alleged hacking group,” McAfee added. “I was one of the first practitioners of social engineering as a hacking technique and today it is my only tool of use, aside from a smartphone — in a purely white hat sort of way.”

In his article, McAfee outlines the processes he used to make his assertions, and discusses the type of information he was able to glean from the data dumps, including the decoded password hash tables of every company employee, MySQL databases, office layouts, organization charts and every private email to and from the CEO — even the raw source code for all the company’s programs.

There was so much information in the breach, garnered from multiple systems, and with so much of it having no value to outside organizations, that it convinced McAfee that the breach was an inside job.

“These are just a few of the many strangely included files that would take even a top notch hacker years to gather, and seem to have little or no value,” McAfee explains. “Any reasonable cybersecurity expert would come to the conclusion that only someone on the inside, who could easily gain all of the files through deception and guile, could have done the job.”

As for those high-level emails, Krebs on Security is reporting that contained within in them are revelations that a former Ashley Madison exec had hacked a competitor’s website — grabbing its full user database.

Related:  

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Peter Hooke Launches New Paysite

Peter Hooke has launched an official website through PAYSITE.

Pineapple Support Names Ny Ny Lew as Brand Ambassador

Pineapple Support has named Ny Ny Lew as its newest brand ambassador.

Federal AV Proposal Passes House, Faces Senate Opposition

The U.S. House of Representatives on Monday passed the Kids Internet and Digital Safety (KIDS) Act, which includes provisions to make age verification by adult websites federal law, but the bill still faces tough going in the Senate.

Devin Drills Launches New Paysite

Creator Devin Drills has launched an official website through PAYSITE.

AV Bulletin: Midyear Roundup

Since the U.S. Supreme Court’s decision in Free Speech Coalition v. Paxton, more state age verification laws have been enacted around the United States, as well as proposed at the federal level and in other countries. Meanwhile, lawsuits resulting from AV laws have begun to play out in the courts. This roundup provides an update on the latest news and developments on the age verification front as it impacts the adult industry.

Judge Dismisses Last NCOSE-Backed Suit Over Kansas AV Law

A federal judge on Monday dismissed a lawsuit alleging that adult site SuperPorn violated Kansas’ age verification law, citing lack of jurisdiction after similarly dismissing two related cases earlier this year.

ASACP Updates 'Restricted to Adults' Labeling Resource Page

The Association of Sites Advocating Child Protection (ASACP) has updated its Restricted to Adults (RTA) labeling resource page.

Federal AV Proposal Scores Minor Win in House but Remains in Doubt

A newly announced bipartisan agreement in the U.S. House of Representatives Committee on Energy and Commerce may soon bring a proposed federal age verification law before the full House, but the measure continues to face an uphill battle.

Arizona Governor Vetoes 'Protect Act' With New Consent Provisions

Arizona Governor Kate Hobbs on Friday vetoed HB 2133, the “Protect Act,” which would have imposed new requirements for adult content uploaded online.

Brazil Begins Monitoring 18 Adult Sites for AV Compliance

Brazil’s National Data Protection Authority (ANPD) is now monitoring 18 high-traffic adult websites for compliance with the country’s Digital Statute for Children and Adolescents (Digital ECA), which requires such sites to age-verify users located in Brazil.

Show More