Hackers appear to have made good on a threat to leak information on over 30 million users of AshleyMadison.com, a hook-up site geared toward cheating spouses.
The mysterious hackers, known as the Impact Team, released a trove of data Tuesday that included full names, street addresses and some credit card information.
The hackers first threatened to release the information a month ago unless Toronto-based Avid Life Media, owner of AshleyMadison.com and a similar site, EstablishedMen.com, shuttered its operations.
“We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data,” the hackers wrote in a message posted online under the headline “Time’s Up!”
Avid Life Media could not be immediately reached for comment.
Web security experts say the data dump appears to be genuine.
“The database dump appears to be legitimate and contains usernames, passwords, credit card data (last four), street addresses, full names, and much much more,” Dave Kennedy, chief executive of TrustedSec, said in a blog post. “It also contains an extensive amount of internal data which looks like the hackers had maintained access to their environment for a long period of time.
“Kennedy said the dump amounted to 10 gigabytes of compressed data, which is considered extremely large. It was released on the so-called dark web, sites that use encryption tools such as Tor to preserve anonymity.
“This dump appears to be legit. Very, very legit,” Kennedy said.
Errata Security Chief Executive Robert Graham also believed the dump to be genuine after looking at the data, concluding it amounted to 36 million accounts. He said 28 million of them belonged to men.
“It appears to have credit card transaction data, but not the full credit card number,” Graham said in a blog post. “It does have full name and addresses, though. This is data that can ‘out’ serious users of the site.”