The attackers who compromised Ashley Madison -- an online hook-up site for people looking for extra-marital affairs -- have made good on their threats to unmask the site's users if the site was not taken down. However, unlike the attackers who doxed Sony and Hacking Team, who uploaded all the stolen data to Pastebin, the Ashley Madison hackers dropped the 9.7 G data dump where most users will not go looking: the "dark web," only accessible through the Tor network.
The data includes email addresses, credit card transaction data, and profile information on the 37 million customers of Avid Life Media, which includes Ashley Madison and its sister sites, Cougar Life and Established Men.
The attackers, who call themselves Impact Team, said "We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data. ... Find yourself in here? It is ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends."
“This is definitely a unique cybercriminal act, one that I'm sure is very controversial amongst readers. But what’s more worrying is what they are not releasing and instead using as blackmail," says George Anderson, director of product marketing at Webroot. "I don’t think this is just a sophisticated ‘kiss ‘n tell.’ There is a desire to hurt people here and that’s sick as well as being criminal.
"Whilst readers' morals may conflict either seeing this group of hackers as good or bad guys, the fact remains that the Impact Team illegally obtained sensitive personal info," says Anderson. "I’d imagine the fall-out is divorces, firings and blackmail – really personally malicious and upsetting stuff. There are no moral judgments on this except the immorality of hackers. So the ‘what now?’ is pretty nasty and the site users will probably be considering a class action for negligence."
See more on Wired.