A group of hackers who breached the database of Ashley Madison have reportedly followed through on their threats and posted a trove of data online.
In July, a group calling themselves The Impact Team hacked the controversial dating website, which specialises in extramarital affairs, and claim to have made off with information on more than 30 million users.
On Tuesday, Wired reported that 9.7 gigabytes of data appear to have been posted to the Dark Web – a sub-level of the internet not accessible via normal search engines – and infamous for criminal activity.
The hackers breached Ashley Madison’s security last month, and claimed they had gained access to a database of more than 37 million members – information they said they would post online unless the site, along with sibling site Established Men, were shut down by parent company Avid Life Media (ALM).
They now appear to have followed through with this threat, with the data dump containing usernames, real names, passwords, email addresses and bank details.
The Impact Team said they were protesting over a fee charged to erase user data should they decide to leave the site. The hackers said the erasing procedure was a “complete lie” and claimed that many details – including names and addresses – were never deleted.
Alongside the data dump, The Impact Team appear to have included a statement explaining their actions, which included the headline “Time’s Up!”.
“Avid Life Media has failed to take down Ashley Madison and Established Men,” said the statement.
“We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.”
There was also a warning that the site contains thousands of fake profiles, and that the majority of users are male.
“Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters,” the statement says.
“Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”
ALM hit back at the alleged data dump by calling the hackers criminals, and said it would ensure that those behind the attack would be held responsible.
“This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities,” said ALM.
“The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror and executioner, seeing fit to impose a personal notion of virtue on all of society.
“We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully co-operate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.”
On social media, users claiming to have done early analysis of the data have been posting lists of government email addresses from the UK, US and Australia that they claim are part of the data breach.
However, experts are suggesting this information should be taken with a pinch of salt as ALM did not require email accounts to be validated unless the user signed up for a paid account, while security expert and writer Steve Ragan added “and even then the verification process wasn’t that hard to bypass as long as the bills were paid”.