Wired reports that the data was dumped yesterday. It includes seven years of user data, stretcing back to 2007 and affecting millions of Ashley Madison customers.
The hacking group “Impact Team” uploaded the 9.7 gigabyte database to a .onion address on the dark web. The site is accessible only through the anonymising Tor browser.
The data includes passwords hashed using PHP’s bcrypt algorithm. This is one of the most secure forms of password encryption but still won’t thwart a dedicated hacker for long.
Other details include names, email addresses, street addresses, descriptions of what each person was looking for in a partner and amounts paid for transactions. Four digit numbers present in the dump may represent a unique transaction ID or the last group of numbers for the payment card.
It’s likely that many users used false information to sign-up. Ashley Madison does not require email verification so it is possible that many email addresses do not even belong to the supposed owner. Wired notes that an email address apparently linked to former UK prime minister Tony Blair appears in the leak, alongside a total of around 15,000 other .mil or .gov addresses.
Impact Team introduced the data dump by saying: “We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.”
It continues to say that “the site is a scam” and that “90-95% of actual users are male.” After last month’s attack on Avid Life Media, Ashley Madison’s owner, Impact Team demanded that AshleyMadison.com and sister site EstablishedMen.com be taken offline “permanently in all forms.” Avid Life Media refused and it looks like this massive data dump is the consequence, following a final warning on Reddit two days ago.
