Hackers who breached the servers of infidelity dating site Ashley Madison last month have allegedly followed up on their threat to post the service’s user database.

Calling themselves the Impact Team, the hackers dumped almost 10 gigabytes of data in a file that includes credit card transactions, thousands of emails and personal data of users including everything from people’s names to their sexual fantasies.

“Avid Life Media has failed to take down Ashley Madison,” the hackers wrote, referring to the site’s parent company in Canada.

“We have explained the fraud, deceit and stupidity of ALM and their members. Now everyone gets to see their data.”

The US Federal Bureau of Investigation said on Tuesday that it is investigating the breach, as ALM lashed out at the hackers for hurting “innocent” people.

ALM said the Royal Canadian Mounted Police, the Ontario Provincial Police and the Toronto Police services are also involved in the investigation.

The data, which was uploaded in a raw text format and requires relatively sophisticated technical skills to browse, was quickly pored over by cybersecurity researchers and interested gawkers.

A portrait of Ashley Madison CEO Noel Biderman in Hong Kong’s Tsim Sha Tsui just after the site was launched in the city in mid-2013. Photo: May Tse

On forum 8Chan, which helped share hundreds of leaked naked photos of celebrities last year, users quickly began sharing tidbits of information found in the files.

Shared material included the email addresses of UK government bodies and major corporations. Commenters also started to publicly identify some of the users.

The news may also alarm the service’s users in Hong Kong. Ashley Madison launched in the city in mid-2013.

An analysis of the email database published by the hackers returned more than 10,000 “.hk” addresses, as well as nine official “gov.hk” email addresses. Governmental Ashley Madison users included employees of the Education Bureau, Social and Welfare Department, and the Legislative Council.

There were also hundreds of users with “.edu.hk” addresses, as well as 10 whose emails suggested they worked at one of the city’s many non-governmental organisations, including one Mensa member.

It is unclear how many of those users are still paying customers. One of the hackers’ main gripes with Ashley Madison was their allegation that the service’s “full-delete” function, which charged users US$20 to remove their information from their databases, did not work in practice. The site responded by wiping this fee.

Credit card data released by the hackers showed more than 770 transactions in the last three years from users who listed their location as Hong Kong.

Original Post: http://www.scmp.com/tech/enterprises/article/1850839/ashley-madison-hackers-publish-site-data-including-details

Advertisements