Hackers who stole the personal and private details of users of adultery dating website Ashely Madison claim to have released the data on to the internet.
In July, AshleyMadison.com – which specialises in adulterous relationships – was hacked by a group calling themselves Impact Team.
At the time, they threatened the website owners, Avid Life Media, saying they would release the data unless the website was taken down.
10Gb of the data, including user names, email addresses, passwords and bank details, has been published on the dark web.
About 37 million worldwide users were affected by the hack – including around one million from the UK.
Among the data are details that appear to be linked to people working for governments. It is possible, however, they could be fake.
The company, which also owns another site that was hacked called Established Men, said it is investigating and regards the hack as a criminal act.
The US Federal Bureau of Investigation said it had joined the investigation, but did not provide details.
In a message the hackers said:
“Time’s up! Avid Life Media has failed to take down Ashley Madison and Established Men.We have explained the fraud, deceit, and stupidity, of ALM and their members.Now everyone gets to see their data.”
The hackers, who said they targeted the company because they don’t agree with how the sites are run, added:
“Find someone you know in here. Keep in mind the site is a scam with thousands of fake female profiles…Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages.”
View the hacker’s full message below:
The data dump appears to be legitimate and includes full names, e-mail addresses, partial credit-card data and dating preferences, according to Robert Graham, chief executive officer of Errata Security, a researcher in Atlanta.
“This is data that can ‘out’ serious users,” Graham said in a blog post. “I have verified multiple users of the site.”
Meanwhile another IT expert Dave Kennedy verified the scale of the hack in a tweet:
Going through a dump… This wasn't a database hack. This was full scale pwnage of the entire company. Domain hashes, internal docs galore.
— Dave Kennedy (ReL1K) (@HackingDave) August 19, 2015
Avid Life Media Inc., the Toronto company that operates the site, said in a statement that it is “monitoring and investigating this situation to determine the validity” of the information and cooperating with investigations by Canadian police and the U.S. Federal Bureau of Investigation.
The company didn’t address the effect the data dump might have on a plan to sell shares this year in London.
That listing was proposed after an offering in Canada was shelved due to concerns among potential investors about Avid Life’s business.