Ashley Madison

In July 2015, Ashley Madison—an extramarital dating site promising complete discretion—suffered a massive data breach that shook the online privacy landscape. A group calling itself “The Impact Team” infiltrated the company’s network and exfiltrated over 60 gigabytes of sensitive data, including user profiles, financial transactions, and internal communications. The attackers exploited a mix of weak security practices—such as the simultaneous use of bcrypt and the much less secure MD5 for password hashing—and the discovery of hardcoded credentials in the site's source code, which facilitated lateral movement across systems. Despite initial denials by the company, successive public data dumps on dark web platforms forced Ashley Madison to acknowledge the breach, leading to widespread lawsuits, executive resignations, and irrevocable damage to user privacy.

Data Included in the Breach