Credit: Avid Life Media
The group responsible for the Ashley Madison hack published the compromised records on Tuesday, delivering on the promise made when the hack was announced in July. The compromised records include account profile information, personal information, financial records, and more.
In July, a group calling themselves Impact Team leaked a selection of files that they claimed originated form Avid Life Media (ALM), the company behind adult playgrounds of Ashley Madison, Cougar Life, Established Men, and others.
The group said they had fully compromised the company's records, and demanded that they halt operations on Ashley Madison and Established Men. If that didn't happen, the group said they would publish the compromised records in full.
The reason for the attack, the group said, is because the company "profits on the pain of others."
On Tuesday, they delivered on their promise, and released 10GB of data to the public. Along with links to the leaked data, the group published the following:
"Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.
Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it."
The group also published a key so that anyone downloading them would know they came from the proper source.
The leaked files include databases complete with account information, profile data, PII, and financial data. Among the records are 15,019 accounts using either a .mil or .gov email address. Other records indicate that the user created their ALM profile with a work related email address.
On Twitter, @t0x0 provided Salted Hash with a breakdown of these addresses. A brief example is below; the image contains the full list of domains.
- us.army.mil - 6788
- navy.mil - 1665
- usmc.mil - 809
- mail.mil - 206
- gimail.af.mil - 127
If the data in the leaked files is valid, then Impact Team has created a blackmail archive that could land scores of people in hot water.
However, ALM never required that data be valid unless the user registered for a paid account, and even then the verification process wasn't that hard to bypass as long as the bills were paid.
Sign up for Computerworld eNewsletters.