Hackers have published more details of people that use adultery website Ashley Madison onto the dark web, it has been reported.
This is the third and largest data dump from the hackers, known as the Impact Team.
Over 14GB of data was published on a hard-to-access section of the internet yesterday, including a 13.74GB compressed file titled "noel.biderman.mail.7z". Noel Biderman is the name of Ashley Madison's CEO and this file looks like it could contain many of his email communications.
Opening the file is proving problematic to those that have tried as it keeps bringing up an error message. "It's in a zipped format, and when I try to decompress the contents a message comes up saying it won't work," Per Thorsheim, chief executive of cybersecurity firm God Praksis, told the BBC. "I can't yet say why."
Other files in the latest data dump appear to contain source code that could allow the hackers to infiltrate other sites owned by Ashley Madison's parent company, Avid Life Media.
Earlier this week the hackers uploaded 9.7GB of data including usernames, first names, last names, street addresses and more of some 33 million users. Partial credit card details were also published, along with records documenting 9.6 million transactions and 36 million email addresses.
Over 100 official UK government email addresses have been found in the the Ashley Madison files. Also among the email addresses were more than 15,000 accounts created with US .mil or .gov email addresses.
The data also included descriptions of what 64 members were looking for on Ashley Madison.
“I’m looking for someone who isn’t happy at home or just bored and looking for some excitement,” wrote one member, according to Wired. The same filed contained an address in Ottawa and the name and phone number of someone who works for the Customs and Immigration Union in Canada. “I love it when I’m called and told I have 15 minutes to get to someplace where I’ll be greeted at the door with a surprise — maybe lingerie, nakedness. I like to ravish and be ravished … I like lots of foreplay and stamina, fun, discretion, oral, even willingness to experiment—*smile*”
Passwords featured in the leak are hashed using the secure bcrypt algorithm. The difficulty and cost of decrypting all the passwords in the database means they will likely remain encrypted, but any users of Ashley Madison that want to minimise the risk of being exposed should change their password and any duplicates.
It's possible that some users provided fake details when they signed up, including random numbers and addresses. However, files containing credit card transactions will show real names and addresses, unless users of the site provided anonymous pre-paid cards.
The data was stolen last month by hackers that threatened to publish it unless the match making site for married people was taken down.
Some data was released in July but Avid Life Media, which owns Ashley Madison, has confirmed that more data has now been leaked.
“Avid Life Media has failed to take down Ashley Madison and Established Men,” Wired quoted Impact Team as saying in a statement accompanying the posting earlier this week.
“We have explained the fraud, deceit, and stupidity of ALM [Avid Life Media] and their members. Now everyone gets to see their data,” the hackers said, according to Wired.
Shortly after the breach, a hacking insider told Sky News that hackers could sell the data they hold on Ashley Madison's 37 million cheating users for a large profit.
Initially the hackers released just 40MB of data, including some credit card details and several documents about its parent company Avid Life Media (ALM).
The hackers said they were prepared to release all customer records, including the "secret sexual fantasies" of members, unless the site was closed.
Ashley Madison, whose tagline is “Life is Short. Have an Affair”, is founded on confidentiality and privacy. It facilitates relationships between married people looking to cheat on their spouse.
The Impact Team targeted ALM over its Full Delete feature – a £15 ($19) service that allows Ashley Madison users to remove their profile and all accompanying information. The hackers claim that ALM doesn’t actually delete everything, stating that the user’s real name and credit card details remain online.
In April, ALM claimed Ashley Madison was the second most popular dating site in the world, losing out only to dating giant Match.com. It also claimed Ashley Madison had 1.2 million users in Britain.
Commenting at the time of the hack, Kassem Younis, a privacy expert and CEO of Thoughts Around Me, an app that lets people share things anonymously about issues affecting their everyday lives, said Ashley Madison has let its users down by failing to protect them.
“There are many reasons why people would want to protect their identities online - whether or not you agree with the premise of this particular service, users have placed their trust in Ashley Madison and have been badly let down. What is most worrying is that this points to a wider trend of anonymous apps and websites being hacked, including Secret in August 2014.
"The scale of this hack is what will trouble the UK’s 1.2 million users the most. With reports that Ashley Madison’s customers have had everything from their credit card details to their real names and even their sexual fantasies compromised, there may be a lot of red faces in the UK this morning and much damage has likely already likely been done."
ALM revealed in April that it planned to float on the London Stock Exchange as it looked to raise money from investors hungry to cash in on the success of dating startups.
The company tried floating in Toronto five years ago, only to be greeted to a lack of appetite among cautious North American investors.
“Europeans have a more laissez-faire attitude toward infidelity,” said Christoph Kraemer, head of international relations for Ashley Madison at the time. “Investors here will look past that and at the numbers.”