August 19, 2015 — Wired reports that hackers have posted a 9.7-gigabyte data dump from Ashley Madison to the dark web.
Anyone can sign up for Ashley Madison for free, but when users try to delete their data, they are asked to pay $20. Hackers warned that even after users paid for “Full Delete,” Ashley Madison kept purchase details, real names, and addresses.
The hacking group called “The Impact Team” breached user databases last month and threatened to post names, email addresses, and even sexual fantasies from at least 32 million users unless Ashley Madison and Established Men were taken offline.
Avid Life Media (ALM) refused to take the websites down, even after hackers posted sample files containing some of the stolen data. Yesterday, the data was posted to the dark web using an Onion address accessible only through the Tor browser.
In a statement accompanying the dump, hackers wrote:
“Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”
Anyone who accesses that data could share it on public parts of the internet that are indexed by traditional search engines. However, links claiming to have the stolen data often have spyware and malware.
According to Wired, the files appear to include account details (name, address, phone number) and log-ins, through it is likely many users provided fake details. It also includes descriptions of what members were seeking.
The dump also contains seven years worth of credit card and other payment transaction details going back to 2007. It does not include credit card numbers but does include names, street addresses, email address, and amount paid. Encrypted passwords were also released.