Avid Life Media, owner of beleaguered extramarital adult website AshleyMadison.com, refused a hacking group's initial demand to shut down the site last month, instead assuring existing customers their information was secure.
The hackers, dubbed the "Impact Team," posted sample files containing private information - like user dating preferences, screen names, and addresses - and said more would be released if demand's weren't met. Non-compliance, they warned, would be detrimental.
On Tuesday, the "Impact Team" proved to be the real deal.
Nearly 10 gigabytes of data purported stolen from AshleyMadison.com appeared on a dark website using an Onion address yesterday, exposing personal information for over 36 million past and present users, according to a story posted to Wired.com. Hacked data, included in a "read-me" file condemning Avid Media Life's inaction, included real names, street address, phone numbers, and seven years' worth of credit card transactions.
"We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data...Keep in mind yhe site is a scam with thousands of fake female profiles," The "Impact Team's" statement read.
A screenshot of the group's message is below:
An ALM spokesman issued a statement late Tuesday ensuring members they were investigating the data's validity.
"This event is not an act of hacktivism, it is an act of criminality," the statement read. "It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities."
"The criminal, or criminals, involved in this act have appointed themselves as moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world."
While ALM doesn't have solid evidence indicating these files are legitimate, Brian Krebs - founder of Krebs on Security and the first person to acknowledge a breach - believes some, if not all, the information is real.
"I've now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database," Krebs said. "Also, it occurs to me that it's been almost exactly 30 days since the original hack."
One of the original hack's bigger revelations was how many users stem from Washington D.C. Subscribers in the nation's capital were on edge following recent reports, as more than 15,000 government and military email addresses were exposed. Embedded emails may be tied to the Department of Homeland Security, State Department, and both the House and Senate, according to The Hill.
Many of the government email addresses, like "whitehouse.gov" and "yahoo.gov," are obviously fakes, but legitimate ones will bring massive headaches to thousands with federal agencies ties. Especially those using a government account to hide an affair.