The hacked data of millions of Ashley Madison users is said to contain the details of government and military officials, as well as people from the Vatican and other established organisations.
Yesterday, a 9.7 GB cache of data was posted on the Deep Web, with a note from hackers saying it contained the names, addresses, credit card data and phone numbers of 32m Ashley Madison users.
And those with access to the data dump have revealed some of the organisations and companies whose employees have apparently signed up to the site.
People on Twitter, security bloggers and users of sites like 4chan have said the data includes email addresses from the Vatican, NASA, The White House and the British Government.
The scourers say they have found over 15,000 email addresses from .mil. or .gov addresses.
Wait, am I getting these numbers right – Re: Ashley Madison – 15,000 gov / mil addresses? I’m at like 14,900+ anyone confirm?
– Steve Ragan (@SteveD3) August 18, 2015
According to Ars Technica, the dump also contains files with titles including “aminno_member_dump.gz,” “aminno_member_email.dump.gz,” “CreditCardTransactions7z,” and “member_details.dump.gz,”, which indicates that the download “could contain highly personal details.”
One list online has over 200 Vatican email addresses, along with details of alleged adulterers from Yale, Beoing, Harvard, the UN, Amazon and Bank of America.
There are also over 6,000 with us.army.mil addresses, and 1,600 from navy.mil.
However as many have pointed out, it is possible to create an account using the details and email addresses of another person, or using fake addresses, meaning some of the alleged users are likely fake.
This is because Ashley Madison does not use an email address verification, so you could create an account for barack.obama@whitehouse.gov should you wish, as security blogger Graham Cluley pointed out.
However why anyone would sign up to an adultery site with their work email address remains unclear.
In a message posted with the dump, the hackers said: “Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.
“Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”
Initially there was uncertainty that the data wasn’t real, as Ashley Madison had dealt with many fake data dumps, but security blogger Brian Krebs has since reversed his position, posting the following on Twitter:
I’m sure there are millions of AshleyMadison users who wish it weren’t so, but there is every indication this dump is the real deal.
– briankrebs (@briankrebs) August 19, 2015
In a statement released yesterday, Ashley Madison said the breach was “not an act of hacktivism” but an act of criminality”, and they were investigating the data dump.
The company said: “It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.
“We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.”
There is now reportedly a scramble to create a searchable database for the dump, with some early sites being shut down or crashing.
Read more about the story here.