The group responsible for the Ashley Madison hack published the compromised records on Tuesday, delivering on their promise when the hack was announced in July. The compromised records include account profile information, personal information, financial records, and more.
In July, a group calling themselves Impact Team leaked a selection of files that they claimed originated form Avid Life Media (ALM), the company behind adult playgrounds of Ashley Madison, Cougar Life, Established Men, and others.
The group said they had fully compromised the company's records, and demanded that they halt operations on Ashley Madison and Established Men. If that didn't happen, the group said they would publish the compromised records in full.
The reason for the attack, the group said, is because the company "profits on the pain of others."
On Tuesday, they delivered on their promise, and released 10GB of data to the public. Along with links to the leaked data, the group published the following:
"Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.The group also published a key so that anyone downloading them would know they came from the proper source.
Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.
Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it."
The leaked files include databases complete with account information, profile data, PII, and financial data. Among the records are 15,019 accounts using either a .mil or .gov email address. Other records indicate that the user created their ALM profile with a work related email address.
On Twitter, @t0x0 provided Salted Hash with a breakdown of these addresses. A brief example is below; the image contains the full list of domains.
- us.army.mil - 6788
- navy.mil - 1665
- usmc.mil - 809
- mail.mil - 206
- gimail.af.mil - 127
However, ALM never required that data be valid unless the user registered for a paid account, and even then the verification process wasn't that hard to bypass as long as the bills were paid.
Clearly there are plenty of false records, including those from the White House, or yahoo.gov. However, the records with full account details, including profiles matched to personal and financial records, are going to be harder to dispute.
This story is developing, and will be updated as new information becomes available.