WASHINGTON - Hackers have released stolen information from some 32 million users of the affair website Ashley Madison, security experts said Wednesday.
The data dump was first reported by Wired magazine, which said the post on the "dark web" included millions of payment transactions, email addresses and phone numbers of people who were registered on the infidelity dating site.
Security experts said the files appeared to be from Ashley Madison, and that the release could have far-reaching implications.
"The database dump appears to be legitimate and contains usernames, passwords, credit card data (last four numbers), street addresses, full names, and much, much more," said Dave Kennedy at the security firm TrustedSec.
"It also contains an extensive amount of internal data which looks like the hackers had maintained access to their environment for a long period of time."
Independent security researcher Graham Cluley said the leak could be catastrophic for members of the website.
"It's easy to imagine that some people might be vulnerable to blackmail, if they don't want details of their membership or sexual proclivities to become public," Cluley said in a blog post.
But he noted that an email in the Ashley Madison database "means nothing" because the site "never bothered to verify the email addresses given to it by users."
The release comes about a month after the data was stolen by hackers identified as the "Impact Team," who allegedly tried to shut the site for cheaters down "immediately permanently."
The group threatened to release customers records, nude pictures and conversations if the site wasn't closed.
Ashley Madison's website is known for its slogan "Life is short. Have an affair." It helps connect people seeking to have extramarital relationships and is owned by Toronto-based Avid Life Media (ALM).
The hacker team appeared to follow through on its threat with a 9.7 gigabyte dump, Wired reported.
"We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data," the group reportedly wrote in its data dump Tuesday.
"I'm looking for someone who isn't happy at home or just bored and looking for some excitement," said one user in the data, Wired reported, while noting some 15,000 users in the data included government or military email addresses.
'Act of criminality'
Avid Life Media said in a statement it was "actively monitoring and investigating this situation to determine the validity of any information posted online" and was seeking to remove "any information unlawfully released to the public."
"This event is not an act of hacktivism, it is an act of criminality," the company said.
"It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities."
The company decried the moral stance apparently taken by the hackers.
"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society," the company said.
An investigation is being led by the Royal Canadian Mounted Police, the Ontario Provincial Police, the Toronto Police Service and the American FBI, the company said.
Ashley Madison was temporarily blocked in South Korea by the country's communications commission, but it returned with a surge of users this year.