Archives 2015

The hack of Ashley Madison just became real for potentially millions of users. The website that billed itself as the premier destination for adult affairs appears to have failed in its aims to provide a discreet locale for its users to meet. A new leak nearly 10 gigabytes in size has unleashed a potential firestorm. If you think your information was in that leak, we won’t judge you but you need to read this.

Search for Your Email Address

You should begin by performing a Google search for your email address, and be sure you go through all of them. Dormant accounts are the best for hacking because the owner often doesn’t know the hack occurred because the email is never checked. This could potentially cause major problems for people who didn’t even know Ashley Madison existed.

You should also use a website like Trustify, which has created a form that checks your email address against the data released in a hack.

Search Your Name

The next avenue is to search for your name. Ashley Madison doesn’t use a process to verify a user’s email account, so it’s entirely possible someone with a negative opinion of you used your credentials to create an account under your name. Your email address might not show up on any related websites, but finding your name in these leaks can still cause trouble. What if your spouse saw your name, or your boss?

A few Links to Check
Here is a forum that released much of the data, but thankfully they would remove your info if you ask:
http://www.fairfaxunderground.com/forum/read/2/1952412.html

This site below let’s you search by an email address to see if your data was part of the hack:
https://ashley.cynic.al/

This site below let’s you check your own email and will send a verification email:
http://www.trustify.info/check

Taking Action

It’s not easy to request removal from some of these websites, as they are protected by the Digital Millennium Copyright Act, and may refuse to remove a post once it has been made. In these situations, your only alternative is to proactively manage your reputation online. Only reputation management companies can effectively monitor every search engine for references about you.

For more details on the hacking, including a message from the hackers, click here.

Ashley Madison hackers released over 9GB of data yesterday, including personal names, emails and some credit card numbers.  It apparently also contains the source code for their website!

Someone that downloaded the file, reported that this message below was posted in one of the files:

“Avid Life Media runs Ashley Madison, the internet’s #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating.

Trevor, ALM’s CTO once said “Protection of personal information” was his biggest “critical success factors” and “I would hate to see our systems hacked and/or the leak of personal information”

Well Trevor, welcome to your worst fucking nightmare.

We are the Impact Team. We have hacked them completely, taking over their entire office and production domains and thousands of systems, and over the past few years have taken all customer information databases, complete source code repositories, financial records, documentation, and emails, as we prove here. And it was easy. For a company whose main promise is secrecy, it’s like you didn’t even try, like you thought you had never pissed anyone off.

Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.

So far, ALM has not complied.

First, we expose that ALM management is bullshit and has made millions of dollars from complete 100% fraud. Example:
-Ashley Madison advertises “Full Delete” to “remove all traces of your usage for only $19.00”
-It specifically promises “Removal of site usage history and personally identifiable information from the site”
-Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie.
-Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.
-Other very embarrassing personal information also remains, including sexual fantasies and more
-We have all such records and are releasing them as Ashley Madison remains online.

Avid Life Media will be liable for fraud and extreme personal and professional harm from millions of their users unless Ashley Madison and Established Men are permanently placed offline immediately.

Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this.

This is your last warning,

Impact Team
We are not opportunistic skids with DDoS or SQLi scanners or defacements. We are dedicated, focused, skilled, and we’re never going away. If you profit off the pain of others, whatever it takes, we will completely own you.

For our first release, and to prove we have done all we claim, we are listing *one* Ashley Madison credit card transaction for each day for the past 7 years, complete with customer name and address (oneperday.txt) and associated profile information (oneperday_am_am_member.txt and oneperday_aminno_member.txt, selected rows from our complete dump of the AM databases). We are also releasing a hash dump and zone file for both domains, select documents from your file servers, executives’ google drives, and emails, and the Ashley Madison source code repository. Also, since Ashley Madison stopped using plaintext passwords, we’re also releasing the swappernet user table, which still has plaintext passwords:
https://bitbucket.org/TheImpactTeam/ashley
https://bitbucket.org/TheImpactTeam/ashleymadisondump
https://gitlab.com/ImpactTeam/ashley
https://gitlab.com/ImpactTeam/ashleymadisondump
https://launchpad.net/ashley

1 example from this dump: “PERNELL GRAZETTE”, with profile ID 23288650, who spitefully paid for Ashley Madison the day after valentine’s day in 1 example from this dump: “PERNELL GRAZETTE”, with profile ID 23288650, who spitefully paid for Ashley Madison the day after valentine’s day in 2014, lives at 10 charlotte st. Brockton, MA in the US, with email UPFRONT73@AOL.COM. He is not only married/attached, but is open to a list of fantasies from Ashley Madison’s list: |29|44|39|37|7|, a.k.a. “Cuddling & Hugging”, “Likes to Go Slow”, “Kissing”, and “Conventional Sex”. He’s looking for ‘A woman who seeks the same things I seek: passion and affection. If you have such desires then we will get alone just fine’,’|54|11|9|’ which means “Good Communicator”, “Discretion/Secrecy”, and “Average Sex Drive”. He also says “I have only two personal interests on this site. Making sure that You are comfortable with me should I be so fortunate to hold your attention and making sure I take the role of discretion to an artform. I mean isn’t this why we are here, to be as discreet as possible?” From the login table, we know his user ID is ‘Heavy73’ and password hash is ‘$2a$12$ndvz/F.EXyJKRYkrErX/w.EDgzF7cNkJcQvNeDGQylEMHRw2COLZO’.

As another, profile ID 48040 is listed as a “paid delete”, which means a few of his profile text boxes are gone, but from purchase records we know it is “RICKIE RAMRATTAN” from “5499 Cosmic Crescent” “Mississauga”,”ON” “L4Z3P8” whose fantasies are |7|40|17|34|33|37|38|48|36|42|43|50|44|32|39|29|49|18|, which includes “Likes to Give Oral Sex”, “Likes to Receive Oral Sex”, “Light Kinky Fun”, “Role Playing”, “Erotic Tickling”, “Erotic Movies”, “Good With Your Hands”, “Sensual Massage”, and “Dressing Up/Lingerie” among others. You must be glad you paid for your profile to be deleted, huh?

Too bad for those men, they’re cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online.

And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.

Well, Noel? Trevor? Rizwan? What’s it going to be?”

Today we discovered that RipoffReport.com has been completely deindexed by Google.  We have searched online for any news about this and so far there is only one other person reporting on this news on Twitter. We have confirmed we several others that are seeing the same thing.

When you search for “Site:ripoffreport.com” no pages from Ripoffreport are showing.  There is however a message stating:
“In response to a legal request submitted to Google, we have removed 1 result(s) from this page. If you wish, you may read more about the request at ChillingEffects.org.”

This could been there is some kind of copyright infringement notice against them. However, what does not make sense is why is the whole website gone and not only the pages that infringe upon someone’s copyright!

Back in 2001, a similar thing happened. Search Engine Watch reported on it and it turned out the Ripoff Report webmaster had accidentally gotten the site deindexed using Webmaster Tools.

We think this removal is temporary, but let’s hope it is gone forever as it will make a lot of people happy!

UPDATE!
The outage only lasted a couple of hours. The pages are all back in Google now! We may never know what happened!

From October 5-8, Las Vegas will be taken over by Pubcon. The gathering is one of the largest annual meetings of search marketing professionals, and discussions will delve deep into all manner of organic search topics. Joining these brilliant minds in search is the veteran SEO and social media marketer: Pierre Zarokian.

Zarokian, who is CEO of Reputation Stars and Submit Express, is an expert on the art of reputation management. Through Reputation Stars, Pierre is successfully growing the reputation management arm of his successful search marketing business. He has developed a proprietary approach that can remove negative reviews and press from Google search results.

“One of the key aspects we look at is Yelp,” says Zarokian, “if a business has a bad Yelp profile, they may lose a lot of business.” Zarokian will discuss the effects that a bad Yelp reputation can have on a growing business, and he will focus on some key takeaways businesses can use to increase positive Yelp reviews.

“Yelp is all over the Web, so there is a good chance it’s the first thing someone sees when they search for local businesses,” says Pierre Zarokian. “Often, the user will bypass Google entirely and go to Yelp to search for businesses in their area.”

Starting at 3:55 on Tuesday, October 6th, Pierre will be joined by other colleagues in the search marketing industry in a roundtable discussion on reputation management. If you attend Pubcon, and you want to grow your business, this session promises insight into one of the next frontiers in search marketing.

If you are interested in attending Pubcon, here is a coupon code that will give you 15% discount: rc-1943915

We have just released a press release titled “Reputation Stars Offers Unique Solutions for Reputation Management.”

In summary, Reputation Stars works with a legal team to try and get most negative reviews removed.  These legal methods often work much better than traditional SEO methods and result in complete removal of the report from the offending site or Google.  Reputation Stars, will use traditional SEO method if the legal method is not an option or if it fails.

Reputation Stars management have 18 years of experience in SEO and online marketing services.  “I got into the reputation management industry because I figured out unique, proprietary ways to help people through their reputation crises,” said Pierre Zarokian, CEO of Reputation Stars.

You can see the full release at:

http://www.benzinga.com/pressreleases/15/03/p5361249/reputation-stars-offers-unique-solutions-for-reputation-management

When Yelp first began, it caught on like wildfire. Users were providing honest ratings, complete with photos, and businesses were receiving valuable bumps in revenue and foot traffic. As time went on, the site became open to gaming. Fake reviews began to pop up, slandering some businesses and inflating others. Yelp recently won a court case that allows it to tailor its reviews as it wants, disabling any chance a business may have had at controlling their Yelp reputation.  It is possible to remove some negative Yelp reviews, but that the chances are very slim.

Asking the Original Poster to Remove

Asking the original poster to remove the review may be your best bet. If you do not know who the poster is try to contact them via Yelp messaging system. However, never ever offer a Yelper money to remove your reviews via Yelp. If you can get a hold of the poster ask them what you can do to make it write. Let them be the one asking for a refund or telling you what it would take to get the review removed.  If you cannot reach an agreement, then read on.

Cease & Desist Letters

If the post contains false information that can be proven, you may want to send the poster a Cease & Desist letter. It is best if you hire an attorney to do this so you can be taken more seriously. Please contact us if you would need an attorney referral.

Lawsuits

You cannot sue Yelp, since the Communications Decency Act protects them, but you can sue the poster. However, be advised that there is a law called the ANTI SLAPP in most US states, which basically allows the defendant to get awarded damages if your lawsuit’s only purpose is to scare them into removing a valid post, which can be proven to be valid and true. You could be liable in paying a large sum of damages.  Additionally, lawsuits are really expensive even if you win, so consider the pros and cons before engaging in a lawsuit. This could also backfire if the poster decides to post more defamatory reviews on other sites and go public with your threats.

Yelp’s Terms of Service

If the review is against some Yelp Terms of Service and content Guidelines, you can simply flag the review and let Yelp know if your reasoning. If you have a valid reason Yelp may remove it. However, be adviced there is only one chance to get Yelp to review a flagged review. If the review gets declined the first time for removal, any further removal requests would result in an automatic email from Yelp stating that someone had already flagged it and they had already reviewed it and found it to be in accordance to the Yelp terms.   This is why it is important that you know what you are doing. We highly recommend that you do not try this method yourself and consult with us first.

Our company has removed many reviews this way and we know what works.  If flagging fails, we then send a legal letter to Yelp with more details and any evidence that we can provide.

Although the chances of removing most reviews this way is low, it is still well worth a shot. We have had about 10% success rate in removing Yelp reviews this way. We also never charge for Yelp removal service unless we are successful.  Every review is different and needs to be analyzed to see if it is a good fit. Please contact us to see what we can do for you.

By Pierre Zarokian
The Digital Millennium Copyright Act was meant to help individuals establish copyrights for their materials online. Unfortunately, it doesn’t work to get defamatory content removed, unless the content was something you owned, such as a section of your website copied or a copied picture that you own the copyright to.  However, be adviced that some sites such as ripoffreport and thedirty.com may not comply with a DMCA take down notice, where the owners use federal protections to justify their behavior.  Sending a notice to Google may not even work, as Google most often asks to deal with the sites directly. We have sent plenty of DMCA notices on behalf of our clients and know what works and what doesn’t.  Unfortunately, most often DMCA would not work to take down defamatory content.

When the DMCA takedown notice fails, there are a few more options left to you.

Establish Your Reputation

You can leverage the power of social media and SEO to help rebuild your reputation after a crisis, and you don’t even need a large budget. It helps to have tools that manage social media for you, identifying what people are saying and who your likely product evangelists are. This lets you build multiple profiles, update content and monitor how everything is performing for you.

Within no time, the negative content will be buried in favor of positive content with a higher user engagement. You also get the bonus of increasing market reach and identifying key influencers you can use to spread your messaging.

This is a service our firm is best at, so if you need a professional to help you, contact us.

Take Legal Action

You cannot sue the site hosting the defamatory content the Communications Decency Act protects them. What you need to do is sue the poster or if it I anonymous you need to sue a “John Doe” and try to subpoena the records of the site hosting the content to find out who posted it. Some sites like Ripoff Report may remove content if you have a court ordered removal and if they don’t Google would most likely comply.

Legal action is costly, and not always guaranteed.  Although our firm does not provide legal removals, we can refer you to one of the best attorneys that does this service.

Nik Richie – thedirty.com

We reported last week that thedirty.com was a victim of hackers taking it down due to DOS attacks. It seems the site has gone live now and Nik Richie has improved his servers and technology. He posted a message on thedirty stating:

“TheDirty.com is back online. We are still under DDoS attack and other attacks, but I’ve put a stronger team in place and rebuilt the infrastructure from scratch. I’m not going anywhere. This year the DIRTY ARMY will rise — I implore you to join.

As you can see the new design is in place. I’m 35% complete and there are many bugs. The castle wall is strong and with your help I’m hoping to build Malbork. So please use this comment section to give us guidance on what you like, don’t like, what to build in your favor, any fixes/bugs to kill and suggestions.

We will win. DIRTY ARMY Strong!- nik”

A speed analysis at Google Insights shows that the site is still a bit slow and this could be because they are still under attack.

If you have been listed on thedirty.com and require removal of your post, please contact us for pricing and details. You can complete the contact form on the right side of this page.

Nik Richie – thedirty.com

A judge just awarded $1.25 million over defamatory comments on Thedirty.com brought by a woman who says comments on the site stated that her 3 children were from 3 different men because she wanted to collect child support and the owner Nik Richie refused to remove them when she requested.

The judgement was awarded against Dirty World Entertainment Recordings. However, TheDirty attorney states that thedirty.com is not owned by that entity and Nik Richie has nothing to do with it. The correct entity that owns Thedirty.com is called the Dirty World, LLC.

The attorney stated that the Sarah Jones judgment last year was also awarded towards the wrong company!

This is what Attorney David Gingras stated:

“In short, Ms. Stewart certainly has obtained a judgment against Dirty World Entertainment Recordings, but that company has nothing whatsoever to do with Dirty World, LLC or TheDirty.com. She is welcome to try to collect that judgment, bearing in mind that the plaintiff in the Sarah Jones case also has an $11 million default judgment against the same entity (see attached copy). However, to the extent that Ms. Stewart claims that she has a judgment against TheDirty.com or Dirty World, LLC, those claims are completely false.”

You can read more details here.

We just reported that thedirty.com was down due to hacker DOS attacks.  Apparantly they also hacked Nik Richie’s icloud account and a personal message from it was posted online showing Nik trying to make a deal with girl or prostitute to sleep with his friends so then he could remove a post…funny stuff.  We have no way of knowing the authenticity of this, so we leave the judgment up to you.

Read below the full messages.