The group behind the hack of adultery website Ashley Madison appears to have made good on its threat, leaking the site's user database online—and potentially exposing those users to threats of blackmail.
Last month, a group of hackers known as The Impact Team claimed to be behind an attack on Ashley Madison—whose tagline is "Life is short. Have an affair,"—and associated sites Cougar Life and Established Men, stealing information on more than 37 million users. They threatened to release details if site owner Avid Life Media did not shut down Ashley Madison and Established Men. Avid Life Media did not comply.
Now, nearly 10 gigabytes of data, including member account details, logins and payment details, have been posted to the dark Web, according to a report in Wired. Avid Life Media said Tuesday it was investigating the validity of the claim. "Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business," the company said in a statement.
Security blog Krebs on Security reported it had confirmed the data dump as legit, via three sources who found their information among the data. Wrote Krebs, "I'm sure there are millions of Ashley Madison users who wish it weren't so, but there is every indication this dump is the real deal."
This leak could be more damaging than many data breaches. "You could really ruin someone's life," Chase Cunningham, threat intelligence chief at cloud-computing company FireHost, told CNBC when the hack was revealed last month.
"Without question, this is incredibly valuable information," J.J. Thompson, founder and chief executive of Rook Security, an IT security firm, told CNBC earlier this year. "[Site users] are now vulnerable to a significant secret." Even if the information is taken down quickly, it could easily be used as leverage not just for financial gain, but to influence decisions by any of those victims in positions of power, he said.