Hackers claim to have made good on their threat to release data they stole in a breach last month of the company behind Ashley Madison, the popular online dating website aimed at people hoping to cheat on their spouses.
On Tuesday, the group of hackers who first claimed responsibility for the attack last month dumped 9.7 gigabytes worth of stolen user account and payment information online. The data included login details, email addresses, payment transaction details and encrypted passwords for members of Ashley Madison and Established Men, another site that markets to women looking to date rich men. Both sites are owned by Avid Life Media, as is Cougar Life, a third site that was also breached but did not appear to be part of Tuesday’s data dump.
A group of hackers named Impact Team took responsibility for the breach last month and threatened to release names, passwords and financial transactions of Ashley Madison’s members if Avid Life Media did not immediately shut the site down. The hackers also complained that the company charged a $19 fee to members to scrub their profiles from the site, but continued to keep their data on its servers.
Avid Life Media said last month that it had adjusted its policy for deleting user data, but continued to operate Ashley Madison, which maintained data on 40 million users, according to its website. Established Men and Cougar Life also continued to operate.
To show they were serious last month, the hackers posted samples of data they had collected in the breach, including corporate financial documents and maps of Avid Life Media’s internal network.
The company said last month after the breach that it was taking steps to delete the stolen data, but it was too late. In an post published anonymously on Tuesday, captioned “Time’s Up!”, the hackers said they were releasing Avid Life Media’s data because the company had not met their demands.
“We have explained the fraud, deceit and stupidity of A.L.M. and their members,” hackers wrote. “Now everyone gets to see their data.”
The hackers accused the service of overstating the number of females on its site. “Keep in mind the site is a scam with thousands of fake female profiles,” they wrote. “See Ashley Madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.”
In a statement, Avid Life Media said that its investigation into the breach on its systems was continuing and that it was cooperating with law enforcement agencies in Canada and the Federal Bureau of Investigation in the United States.
The company said it was still investigating the validity of any information posted online from its site and was working to remove any data posted unlawfully.
“This event is not an act of hacktivism, it is an act of criminality,” the company said in its statement. “It is an illegal action against the individual members of AshleyMadison.com, as well as any free-thinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.”
They added, “We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.”
Avid Life Media is one of several sites containing sensitive user data to have been breached in recent months. In May, Adult Friend Finder, a sex website, was breached and data from 3.5 million users was dumped online.