LONDON – Hackers claim to have exposed data on millions of spouses who signed up to the Toronto-based cheating website Ashley Madison.
A message posted by the hackers alongside a massive trove of leaked files accused Ashley Madison’s owners of deceit and incompetence and said the company had refused to bow to their demands to close the site.
“Now everyone gets to see their data,” the statement said.
Ashley Madison has long courted attention with its claim to be the Internet’s leading facilitator of extramarital liaisons, boasting that “thousands of cheating wives and cheating husbands sign up every day looking for an affair.” Its owner, Avid Life Media Inc., has previously acknowledged suffering an electronic break-in and said in a statement Tuesday it was investigating the hackers’ claim.
Canadian and U.S. law enforcement are involved in the probe, the company said.
The Associated Press wasn’t immediately able to determine the authenticity of the leaked files, although many analysts who have scanned the data believe it is genuine.
TrustedSec Chief Executive Dave Kennedy said the information dump included full names, passwords, street addresses, credit card information and “an extensive amount of internal data.” In a separate blog, Errata Security Chief Executive Rob Graham said the information released included details such as users’ height, weight and GPS co-ordinates. He said men outnumbered women on the service five-to-one.
A call to Avid Life Media wasn’t immediately returned. The hackers also didn’t immediately return emails.
The prospect of millions of adulterous partners being publicly shamed drew widespread attention but the sheer size of the database — and the technical savvy needed to navigate it — means it’s unlikely to lead to an immediate rush to divorce courts.
“Unless this Ashley Madison information becomes very easily accessible and searchable, I think it is unlikely that anyone but the most paranoid or suspecting spouses will bother to seek out this information,” New York divorce attorney Michael DiFalco said in an email. “There are much simpler ways to confirm their suspicions.”
Although Graham and others said many of the Ashley Madison profiles appeared to be bogus, it’s clear the data breach was huge.
Troy Hunt, who runs a website that warns people when their private information is exposed online, said nearly 5,000 users had received alerts stemming from the Ashley Madison breach.
The number of people who actively used the site to seek sex outside their marriage is an open question. But whatever the final number, the breach is still a humbling moment for Ashley Madison, which had made discretion a key selling point. In a television interview last year, Chief Executive Noel Biderman described the company’s servers as “kind of untouchable.”
The hackers’ motives aren’t entirely clear, although they have accused Ashley Madison of creating fake female profiles and of keeping users’ information on file even after they paid to have it deleted. In its statement, Avid Life Media accused the hackers of seeking to impose “a personal notion of virtue on all of society.”
Graham, the security expert, had a simpler theory.
“In all probability, their motivation is that #1 it’s fun, and #2 because they can,” he wrote.