Hackers who stole sensitive customer information from the cheating site AshleyMadison.com seem to have carried out their threat to post the data online.
AshleyMadison is an adultery site for married individuals seeking partners for affairs. It has over 37 million users worldwide. Last month, a hacking team, Impact Team, hacked into the site and stole details of over 30 million users, threatening to expose the “adulterers” if the site is not shut down by the owners.
After owners of the site refused to shut it down, the hackers on Tuesday released the data. A data dump, 9.7 gigabytes in size, was posted to the dark web using an Onion address accessible only through the Tor browser.
The files appear to include account details and log-ins for some 32 million users. It contained seven years worth of credit card and other payment transaction details are also part of the dump, going back to 2007. The data, which amounts to millions of payment transactions, includes names, street address, email address and amount paid, but not credit card numbers; instead it includes four digits for each transaction that may be the last four digits of the credit card or simply a transaction ID unique to each charge.
According to Wired.com, the data also includes descriptions of what members were seeking. “I’m looking for someone who isn’t happy at home or just bored and looking for some excitement,” wrote one member who provided an address in Ottawa and the name and phone number of someone who works for the Customs and Immigration Union in Canada.
“I love it when I’m called and told I have 15 minutes to get to someplace where I’ll be greeted at the door with a surprise—maybe lingerie, nakedness. I like to ravish and be ravished … I like lots of foreplay and stamina, fun, discretion, oral, even willingness to experiment—*smile*”
The data released by the hackers includes names, addresses and phone numbers submitted by users of the site, though it’s unclear if members provided legitimate details. A sampling of the data indicates that users likely provided random numbers and addresses, but files containing credit card transactions will yield real names and addresses, unless members of the site used anonymous pre-paid cards.