Life may be short, but it can get very complicated.
This is perhaps particularly true when you sign up on an adultery website, it's hacked and the hackers post your personal information – including your email and postal address, credit card information and your stated weight and height – online.
The above, unfortunately, is not a theoretical. The personal data for millions of members on the adultery site Ashley Madison – which advertises itself with the slogan "Life is short. Have an affair" – was posted online yesterday. The leak is believed to have affected about 32 million accounts.
Ashley Madison's parent company Avid Life Media released a statement acknowledging that "the individual or individuals responsible for this attack claim to have released more of the stolen data," but stopped short of verifying that the leaked personal details were legitimate.
Multiple security researchers, however, have confirmed that the posted information is real and linked to Ashley Madison members. “I’ve now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database,” investigative reporter Brian Krebs wrote on his blog KrebsOnSecurity.
“We have multiple indicators that this is legitimate. There are things here that are just too hard to fabricate,” security researcher Troy Hunt told Buzzfeed. “We haven’t seen yet what the attack vector was used to hack the Ashley Madison site. It will be very telling if there was a low-hanging vulnerability, and that the site exposed all its millions of users by not securing something straightforward.”
This data dump comes a month after the hackers, who call themselves The Impact Team, threatened to release the “secret sexual fantasies and matching credit card transactions, real names and addresses" of Ashley Madison members unless the site was shut down.
Posted data includes email addresses, user names, postal addresses, credit card information (including transactions and the cards' last four digits), phone numbers, and users' descriptions of themselves, Quartz reports.
While the list of leaked emails is riddled with .gov, .mil and high-profile company addresses, Ashley Madison did not require its accounts to be verified, according to Krebs.