Well, this should be interesting. Hackers who claim to have stolen data from Ashley Madison, the dating site for cheaters, recently posted nearly 10-gigabytes of said stolen data. That includes member email addresses, credit card transactions, and even profiles. This should be very interesting.


The data can be found on the dark web, and those who’ve already downloaded it say they’re finding all kinds of juicy gossip. (One person searched for British government emails, for instance.) The hackers themselves, however, don’t seem at all miffed about this massive release of purportedly private and possibly damaging information. Because Ashley Madison’s parent company, Avid Life Media, refused the hackers’ demand to take down the site, they don’t think the users deserve privacy.


Calling themselves the Impact Team, the hackers said:

We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data … Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters. … Too bad for those men, they’re cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn’t deliver.…

Well at least they seem honest?

Here’s a screenshot of the full statement included with the release:


Update (9am 08.19.2015): An Avid Life Media spokesperson posted a response on Ashley Madison’s website. The statement ensures the public that the company is “actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort.” Then comes the tough talk:

This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.


Meanwhile, security researchers are actively working to confirm whether or not the data is actually valid. Brian Krebs, for one, says that he’s “now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database.” So that’s pretty scary for anybody who ever thought it was a good idea to trust Ashley Madison with their super private information.

Update (2pm): Just in case there was any remaining doubt whether or not this data dump was legit, Ashley Madison’s parent company now confirms that at least some of it definitely is. “There has been a substantial amount of postings since the initial posting, the vast majority of which have contained data unrelated to AshleyMadison.com, but there has also been some data released that is legitimate,” Avid Life spokesman Paul Keable told Reuters.


Update (6:20pm): Welp…


[Wired, Ars Technica]

Image via Ashley Madison

Contact the author at adam@gizmodo.com .

Public PGP key

PGP fingerprint: 91CF B387 7B38 148C DDD6 38D2 6CBC 1E46 1DBF 22