NEW YORK, NY — Hackers who stole Ashley Madison customers’ personal information have followed through with their threat to release it to the public.
The hackers claim to have posted 32 million names, credit card numbers, email and physical addresses along with the sexual preferences of customers entered into the cheaters’ dating site.
The data is posted on what is known as the “Dark Web,” a part of the Internet that can’t be searched by Google or most common search engines. It can only be viewed with a special Tor browser.
But that information won’t likely stay hidden there for long — it’s easy to copy the information and paste it anywhere on the Internet for all to see.
Ashley Madison, which is owned by Avid Life Media, is designed to help married people cheat on their spouses. Its slogan is “Life is short. Have an affair.” The website claims to have nearly 39 million customers.
People can browse the site for free, but they have to pay for credits if they want to send messages to other members of the dating site. The fewest amount of credits a customer can buy is 100, which costs $49. Customers who buy 1,000 credits for $250 receive a money-back “affair guarantee,” if they don’t have an affair within three months.
Ashley Madison charges five credits per message, a minimum 20 credits for virtual gifts and 30 credits for a half-hour instant message session.
Included in the stolen personal information was the amount of money customers paid to the site.
The credit card numbers listed in the data dump are valid, and many are still active, according to Per Thorsheim, a cybersecurity expert in Norway. He said a massive amount of data is included in the posting. Even when compressed it came to 9.7 gigabytes.
The hackers mocked the site and the customer base, saying that 90% to 95% of the users were male.
Ashley Madison has long been criticized for supposedly having many fake accounts. It’s widely reported to be a hot bed for scam artists who pose as women who want to have an affair. The scammers often post profile images of porn actresses to lure men. And when contacted, the scammers ask men to provide them with their credit card information to “verify” them.
“Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles,” said the post. “Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.”
Avid Life Media said it’s actively monitoring the situation and working with law enforcement in the United States and in Canada, where the site is based.
“This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com,” the site said. “The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.”
The hack attack was first revealed a month ago. At that time hackers who called themselves the “Impact Team,” said they would release “profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” if the site was not shut down. Samples of the stolen data were published at that time, according to the hackers.
The hackers posted a statement Tuesday under the headline “Time’s Up!” announcing the posting of the data and giving directions to view the data.
“Avid Life Media has failed to take down Ashley Madison,” said the statement. “We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.”
By Chris Isidore and David Goldman
Erica Fink, Jose Pagliery, Charles Riley and Laurie Segall contributed to this report.