sensitive customer information from the cheating site Ashley appear to have made good on their threat to post the data online.A data dump, 9.7 gigabytes in size, was posted on Tuesday to the dark web using an Onion address accessible only through the Tor browser.The files appear to include account details and log-ins for some 32 million users of the social networking site, touted as the premier site for married individuals seeking partners for affairs.Seven years worth of credit card and other payment transaction details are also part of the dump.
The data also includes descriptions of what members were seeking."I'm looking for someone who isn't happy at home or just bored and looking for some excitement," wrote one member who provided an address in Ottawa and the name and phone number of someone who works for the Customs and Immigration Union in Canada."I love it when I'm called and told I have 15 minutes to get to someplace where I'll be greeted at the door with a surprise—maybe lingerie, nakedness. I like lots of foreplay and stamina, fun, discretion, oral, even willingness to experiment—*smile*"Passwords released in the data dump appear to have been hashed using the bcrypt algorithm for PHP, but Robert Graham, CEO of Erratasec, says that despite this being one of the most secure ways to store passwords, "hackers are still likely to be able to 'crack' many of these hashes in order to discover the account holder's original password." If the accounts are still online, this means hackers will be able to grab any private correspondence associated with the accounts.It's notable, however, that the cheating site, in using the secure hashing algorithm, surpassed many other victims of breaches we've seen over the years who never bothered to encrypt customer passwords."We’re so used to seeing cleartext and MD5 hashes," Graham says."It’s refreshing to see bcrypt actually being used."Here's how the hackers introduced the new data dump: Following the intrusion last month, the hackers, who called themselves the Impact Team, demanded that Avid Life Media, owner of Ashley and its companion site Established Men, take down the two sites.Established promises to connect beautiful young women with rich sugar daddies "to fulfill their lifestyle needs." The hackers didn't target Cougar Life, a sister site run by ALM that promises to connect older women with younger men."Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails," the hackers wrote in a statement following the breach.