Giant Dump of Ashley Madison’s Breached Data Now Online

A 9.69 GB data dump is now online and believed to contain troves of private and confidential information from millions of Ashley Madison users after the infamous data breach that made headlines in July’s breach of the popular infidelity-favoring dating website.

Ashley Madison hackers who call themselves the ‘Impact Team’ have stuck to their word (threat) by publishing what appears to be the entire customer database of Ashley Madison, the controversial hookup site that encourages infidelity, reports

The hackers had originally demanded that Ashley Madison and other websites owned by parent company Avid Life Media to be shut down. Refusal to do so and the threat of going public with the breached information was issued by the hackers.

In a statement, the hacking group now said:

Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.

The hackers' statement.
A screenshot of the hackers’ statement posted on an Onion website on the Tor network.

Unlike previous major breaches involving Sony’s PlayStation network breach and the Hacking Team hack where the details were dumped on Pastebin, the hackers behind Ashley Madison’s breach dumped the data in a more clandestine part of the internet – the dark web.

Archive of Ashley Madison breach
A screenshot of the archive believed to contain the breached database.

As the screenshot shows above, the data (merely released hours ago at the time of writing this article) is still in raw, massive archives. However, archives named “CreditCardTransactions7z” and “aminno_member_email.dump.gz,” indicate that they’re more than likely to contain private and confidential information.

4chan users among others have already started sharing their discoveries while combing through the massive dump of data.

For instance, a twitter user @t0x0pg has provided a comprehensive breakdown of a category of accounts using  a .mil or a .gov email address. Totaling 15,019 accounts, they include:

  • – 6788 accounts
  • – 1665 accounts
  • – 206 accounts, among others.

It is important to note that Ashley Madison did not seek to validate users’ email addresses so there is a good possibility of the presence of faux records. While the authenticity of the dump as a whole is still to be verified, the word around the internet from those who claim to have looked through the entire archive confirm that it’s legitimate.

Avid Life Media released a statement in direct response to the leak, condemning the actions of the hackers.

“We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort,” the statement said.

This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world.

While the internet scrambles to ascertain if the data dump is indeed legit, Ashley Madison’s founding CTO – Raja Bhatia isn’t so sure. Speaking to renowned investigate journalist Brian Krebs, he said: “On a daily basis, we’re seeing 30 to 80 different claimed dumps come online, and most of these dumps are entirely fake and being used by other organizations to capture the attention that’s been built up through this release,” before adding: “If there is full credit card data in a dump, it’s not from us, because we don’t even have (store) that.”

Featured image from Shutterstock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.