Hackers have released 10 gigabytes of data stolen from Ashley Madison, a dating website for cheating spouses.
Hackers claim to have distributed the personal information on 33 million accounts via the dark web and it is now being pored over by security researchers, among others.
The dump contains users’ names, addresses, phone numbers, encrypted passwords, and 36 million email address. Online security magazine CSO is also reporting that the leak contains over 15,000 government or military email addresses (ending .mil or .gov).
However, having a personal email address linked to an account doesn’t mean that person is really a user of Ashley Madison. Users are able to sign up to the site without responding to an email verification, meaning anyone’s email address could have been used to create an account.
Per Thorsheim, a Norwegian security expert, told the BBC that he was contacted by an anonymous Norwegian who asked him if his credit card details were part of the released data.
I am surprised that they have transaction history going back in time by so many years and that no encryption has been used
Mr Thorsheim found some identifiable details were present, in unencrypted form, and he says these were subsequently confirmed by the anonymous contact. The data did not include full credit card information like the expiry date and three-digit security code on the reverse of a card. But transaction history for some users going back as far as 2009 was present.
Brian Krebs said his sources indicated that only the last four digits of credit cards were included in the leaked database, rather than the complete account numbers.
However, a spokesman for Avid Life has told Reuters: “We can confirm that we do not – nor ever have – store credit card information on our servers.”
