Hackers claimed Tuesday to have leaked personal data of millions of people that was stolen in a cyberattack on the parent company of Ashley Madison, an online dating site aimed at people who wish to have extramarital affairs.
WIRED reported that a group called the Impact Team, who claimed responsibility for last month's hack, posted 9.7 gigabytes of stolen user data on the so-called "dark web," a reference to a part of the Internet that can only be accessed through a specialized browser.
According to WIRED, the leaked data includes customer names, login details, street and e-mail addresses, and details of transactions that date as far back as 2007. However, WIRED reported that the data does not appear to include full credit card numbers. In all, approximately 32 million accounts at Ashley Madison and Established Men, a site aimed at women looking to date wealthy men, are believed to be affected.
It is not clear how much of the data belongs to real customers or are from fake, so-called "burner" accounts. However, WIRED reported that approximately 15,000 leaked e-mail addresses use .gov and .mil domains, meaning that they are hosted by U.S. government and military servers.
Toronto-based Avid Life Media, Inc., the parent company of both websites, said in a statement obtained by the Associated Press that it was aware of the group's claim and was investigating.
"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner," the company said, accusing the hackers of seeking to impose "a personal notion of virtue on all of society."
Security analysts who examined the leaked data said they believed the information dump to be genuine. Brian Krebs, a former Washington Post reporter who writes a blog on computer security and broke news of the initial hack last month, reported that he had spoken to three sources who reported finding their last names and credit card information in the database.
The hack was made public July 20, the day after Krebs' initial report was posted online. The Impact Team demanded at the time that Avid Life Media shut down Ashley Madison and Established Men. The group claimed to have targeted the company over its alleged fraudulent business practices, saying that Ashley Madison and Established Men's "full delete" tool does not remove users’ personal information for a one-time $19 fee, as promised by the sites.
"Shutting down AM and EM will cost you, but non-compliance will cost you more," a statement warned. "We will release all customer records, profiles with all the customers’ secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails."
WIRED reported that the Impact Team introduced the new data dump with a statement titled "Time's Up!"
"Avid Life Media has failed to shut down Ashley Madison and Established Men," the statement read. "We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
The statement continued: "Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit [sic]; 90-95% of actual users are male. Chances are your man signed up on the world's biggest affair site, but never had one. He just tried to. If that distinction matters.
"Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends," the statement concludes. "Embarrassing now, but you'll get over it."