Data stolen from Ashley Madison posted online

Millions of records are in the cache, including credit card transactions and emails.
Written by Zack Whittaker, Contributor on
The torrent file containing likely millions of records
(Screenshot: ZDNet/CBS Interactive)

Hackers who stole millions of customer records from affair-inciting site Ashley Madison have posted the data online.

It comes almost exactly a month after hackers, dubbed Impact Team, claimed to have breached the company's systems, pilfering as many as 37 million customer records. They then threatened to release the files online.

The Toronto, Canada-based Avid Life Media, which owns the website, admitted the following day its systems had been breached.

Just shy of 10 gigabytes of data were published late Tuesday to a dark web server -- inaccessible through ordinary browsers.

Wired was first to report the news Tuesday.

In a brief statement on the page, the hackers wrote: "Find yourself in here? It was [Avid Life Media] that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it."

We're still trying to verify the cache. A number of security watchers are confirming the cache's legitimacy.

"Ashley Madison data is almost certainly legit... too many things that simply couldn't have been faked or would have been enormous effort," said security expert Troy Hunt on Twitter earlier.

Based on a brief analysis of some of the data, it appears credit card transactions, usernames, email addresses, and other documents are in the downloadable cache.

Not all of the data can be considered accurate; users who signed up to the site did not have to verify their email addresses, suggesting some data may be inaccurate. Other information cannot be confirmed, and some users have noted that portions of data may have been falsified.

Avid Life Media called the event an "act of criminality" in a statement.

"We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law," the statement added.

This post has been updated.

These companies lost your data in 2015's biggest hacks, breaches

Editorial standards