After threatening to release salacious details on as many as 37 million customers of the website, which uses the slogan “Life is short. Have an affair,” hackers claimed to publish a huge cache of email addresses and credit card data stolen in July.
Reuters was not immediately able to confirm the authenticity of the posting. Avid Life Media, which owns Ashley Madison and Established Men, widely described as a “sugar daddy site,” did not verify the data was real, but said it was aware of the claim.
The hackers used the dark web which is only accessible using a specialized browser.
Still within hours, thousands of email addresses from North America and Europe including many linked to corporations and universities sprouted up on other sites as people decrypted the database. It is possible to create an Ashley Madison account using someone else’s name and email.
The hackers have appointed themselves as “the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society,” the company said in a statement.
“These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives,” it said.
The Federal Bureau of Investigation (FBI) is investigating the theft alongside the Royal Canadian Mounted Police and local police, it said.
The hackers, who call themselves The Impact Team, leaked snippets of the compromised data in July and threatened to publish names and nude photos and sexual fantasies of customers unless Ashley Madison and another site owned by Avid Life were taken down.
“Avid Life Media has failed to take down Ashley Madison and Established Men,” tech website Wired quoted The Impact Team as saying in a statement accompanying the online dump.
“We have explained the fraud, deceit, and stupidity of ALM (Avid Life Media) and their members. Now everyone gets to see their data,” the hackers said, according to Wired.
Other higher-profile attacks such as those on big companies, like Sony Pictures Entertainment and Target, have seen credit card data of customers stolen, unleashing massive financial damage to individuals and companies.
But this data dump appeared to confirm that the hackers were not driven by blackmail or commercial motives, but rather ideological ones.
The intrusion into the private lives of individuals marked a watershed moment in cybercrime as the data spread across the web, said Ajay K Sood, general manager for Canada of cybersecurity firm FireEye Inc.
“These guys want as much notoriety as possible. This isn’t cyberterrorism. It’s cybervigilantism,” he said.
Avid Life has said it is convinced the hackers were formerly connected to the company.
Still the dump was massive, according to Troy Hunt, a Microsoft security expert, who said more than 1 million unique email addresses were attached to payment records.
Wired said 9.7 gigabytes of data was posted, and appeared to include member account and credit card details.
Toronto-based cybersecurity firm Cycura, which was hired by Avid Life to investigate the attack, said it was not authorized to speak on the matter.