After stealing customer information from the online cheating site Ashley Madison, hackers who go by the name Impact Team has made the data public.
A report in Wired mentions that close to 9.7 gigabytes worth of customer information has now been made public. The hackers have released the data on an Onion address in the dark web which is accessible only by using a Tor browser.
The hackers had earlier threatened to make the data public and had asked the website to shut down else the data would be made public. The website enables married individuals to find partners for affairs.
Is the leaked data authentic?
Ashley Madison's parent company Avid Life Media cautioned on Tuesday that the date leaked could be fake, but many experts have come forward and certified that the data seems legit.
"The dump itself – 10 gigs COMPRESSED. For folks that may not know, that is massive. Huge.
Regardless of ethics, this is a massive data breach where attackers had full and maintained access to a large percentage of Ashley Madison’s organization undetected for a long period of time. Ashley Madison has not commented on the original source of the breach, how it occurred, or how they were compromised.
This dump appears to be legit. Very, very legit."
Wired also reported that mmong the email addresses were more than 15,000 accounts created with US .mil or .gov email addresses.
But Ashley Madison maintains that the dump is fake.
"There’s definitely not credit card information, because we don’t store that,” Raja Bhatia, original chief technical officer of the site told Krebsonsecurity. “We use transaction IDs, just like every other PCI compliant merchant processor. If there is full credit card data in a dump, it’s not from us, because we don’t even have that.
Krebsonsecurity however later added:
"I’ve now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database..... I’m sure there are millions of AshleyMadison users who wish it weren’t so, but there is every indication this dump is the real deal."
Ashley Madison is reported to have close to 40 million customers at the time of the breach and details of around 32 million customers have been made public. The details of users in the public domain include their names, street address, email address and amount paid to the website for its services, but not the entire credit card details.
The intrusion into the Ashley Madison database by the Impact Team had taken place last month, the hackers demanding that Avid Life Media, the parent site for Ashley Madison and EstablishedMen.com, take down the two sites.