19 Aug 2015

Ashley Madison’s hacked customer details released online

As stolen personal details of over a million users of the infidelity website Ashley Madison are dumped online, the company warns of the potential consequences for “innocent citizens”.

Ashley Madison website

Late on Tuesday hackers claimed to have dumped credit card and email details of more than a million Ashley Madison users onto the dark web, which is only accessible using a specialist browser.

Within hours other web users were starting to repost information on freely viewable websites.

These are illegitimate acts that have real consequences for innocent citizens Ashley Madison

One early analysis of the data, by security blogger Robert Graham, claimed to have discovered that the “gender” field in the database shows some 28m men to 5m women. The data, Graham reports, also carries the GPS co-ordinates of the person creating the account (whether or not the account was in a fake name).

A separate analysis of the data found that the city with the highest concentration of Ashley Madison users was Washington DC, and that some 15,000 email addresses involved were hosted on US government and military servers.

In a statement posted with the data dump, the hackers said “Find someone you know in here?

“Keep in mind the site is a scam with thousands of fake female profiles… Chances are your man signed up on the world’s biggest affair site, but never had one.

“He just tried to. If that distinction matters.”

‘You promised secrecy but didn’t deliver’

The database containing personal and financial details of more than 37m members of the site has been held hostage since the end of July when a group calling itself “The Impact Team” claimed to have hacked Ashley Madison and two other sites owned by Avid Life Media (ALM); Cougar Life and Established Men.

Challenging the company’s promise of total discretion, the hackers said at the time “too bad for ALM, you promised secrecy but didn’t deliver.”

The statement posted by the hackers on Wednesay said “It was Avid Life Media [ALM] that failed you and lied to you. Prosecute them and claim damages. Then move on with your life.”

Ashley Madison responded by accusing the hackers of being criminals who had “appointed themselves as the moral judge, juror and executioner, seeing fit to impose a personal notion of virtue on all of society.”

The company, which facilitates adultery, went on to warn “these are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives.

After the original hack a self-declared Ashley Madison user who described himself as a gay man from Saudi Arabia posted on the Reddit website “I may get stoned to death for gay sex”.

The anonymous poster said he had used the site to hook up with single men while studying in America, adding “gay sex is punishable by death in my home country so I wanted to keep my hookups extremely discreet. I only used AM to hook up with single guys.”

He later added an update that he was hoping to return to America for his own protection.

In its statement on Wednesday ALM said it was co-operating fully with law enforcement agencies investigating the data hack, adding “we will not sit idly by and allow these thieves to force their personal ideology on citizens around the world.”

It is possible to sign up to use Ashley Madison using someone else’s name and email details.