As many as 32 million individuals' private lives and love lives could be on the line as hackers who claimed responsibility for the data breach of Ashley Madison say they have leaked all their private information, including names, email addresses, street addresses and even secret sexual fantasies online.
Wired reports that Impact Team, the hacking group claiming to have breached the systems of Ashley Madison, has dumped as much as 9.7GB of private user data to the Dark Web via an Onion address. The information, which can be accessed using the Tor browser, contains sensitive private data, including credit card information and millions of dollars worth of transactions dating back to 2007.
Ashley Madison, which lives by the motto "Life is short. Have an affair," touts itself as the premier cheating website on the Internet. At the time it was hacked, the website said it had around 40 million cheating spouses from around the world.
It is unclear, however, if members submitted their real details, since Ashley Madison does not verify email addresses. Some 15,000 email addresses were associated with .mil and .gov websites, and Wired says it even found an email associated with former United Kingdom Prime Minister. The hackers themselves accuse Ashley Madison of scamming its users by signing up mostly males.
"Chances are your man signed up on the world's biggest affair site, but never had one. He just tried to. If that distinction matters," says the Impact Team.
Still, if credit card information has been provided, the data dump will have to include the real names and street addresses of millions of people who signed up to hook up with other people online.
"Find yourself in here? It was [Avid Life Media] that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now but you'll get over it," the hackers say.
But Raja Bhatia, founding chief technology officer of Ashley Madison, says the data dump is a fraud. Speaking to Brian Krebs of KrebsOnSecurity.com, Bhatia says he had been working with security experts around the clock to keep up with all the purported data dumps that have come out since the Ashley Madison hack, and the latest one appears to be no more authentic than the others.
The biggest giveaway that the latest leak is a fake, says Bhatia, is that it contains credit card information, even when Ashley Madison does not collect this type of information from its clients.
"There's definitely no credit card information, because we don't store that," Bhatia says. "We use transaction IDs, just like every other PCI-compliant merchant processor. If there is full credit card data in a dump, it's not from us, because we don't even have that."
Daniela Vladimirova | Flickr