Business

Ashley Madison infidelity site's customer data 'leaked'

Ashley Madison screenshot Image copyright Reuters
Image caption The website promises to connect married people seeking an affair

Customer data stolen from Ashley Madison, a dating website for married people who wish to cheat on their spouse, has reportedly been published.

The data has reportedly been leaked on the so called dark web, meaning it is accessible only via encrypted browsers.

The BBC did not access the data and has not verified its authenticity.

Hackers stole the data last month and threatened to reveal it unless the match making site for married people was taken down.

Technology website Wired said 9.7 gigabytes of data was posted, and the material appeared to include members accounts and credit card details.

The hackers, who called themselves the Impact Team, said they had managed to steal the real names and addresses of the site's users, including those who had previously paid to "delete" their accounts.

Small pieces of the data had already been leaked in July.

"Act of criminality"

In a statement, Canada-based Avid Life Media, the company behind Ashley Madison said it had "now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data".

Describing the hack as "an act of criminality", the company said it was fully cooperating with law enforcement to find the hackers.

"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world," the statement said.

Security blogger Brian Krebs said that the leak appeared to be real.

"I've now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database," he wrote.

"Also, it occurs to me that it's been almost exactly 30 days since the original hack."

Another security consultant noted that Avid Life Media had used the bcrypt encryption standard to scramble users' passwords.

"Bcrypt is one of the more modern ways to make it harder for people to reverse engineer passwords - it's not impossible but it would take a hacker much longer to work out what they are," Alan Woodward told the BBC.

Even so, the release of the unencrypted email addresses means users may be targeted by spammers and scammers.

Ashley Madison says it operates in more than 50 countries and has 37 million users, more than a million of whom live in the UK.

It promotes its service with the tagline, "Life is short, have an affair".

Related Topics

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites