(Updating to add details about the lawsuit, and Republican
party member)
By Alastair Sharp and Josephine Mason
TORONTO, Aug 20 (Reuters) - Emails sent by the founder of
infidelity website AshleyMadison.com appear to have been exposed
in a second, larger release of data stolen from its parent
company, cyber security experts confirmed on Thursday.
The data dump by hackers who have attacked the site
appears to include email messages linked to Noel Biderman,
founder and chief executive officer of its Toronto-based parent
company Avid Life Media.
In a message accompanying the release, the hackers said:
"Hey Noel, you can admit it's real now."
That appeared to be a riposte to the company's initial
response to Tuesday's dump that the data may not be authentic.
The earlier dump exposed millions of email addresses for
customers of Ashley Madison - whose tagline is 'Life is short.
Have an affair.' - including for U.S. government officials, UK
civil servants and executives at European and North America
corporations.
The U.S. Defense Department and Postal Service is also
investigating the alleged use of military and other government
email accounts on the site.
Former reality TV star and family values campaigner Josh
Duggar admitted to cheating on his wife after reports he had
subscribed to the site.
Executive Director of the Louisian Republican party Jason
Doré told the Times-Piscuyune paper he was on a list of accounts
because the site was used for "opposition research."
Doré said an account was created under his name and his
former personal credit card billing address in connection with
the work of his law firm, Doré Jeansonne. He declined to say who
he was using the account for.
In a sign of Ashley Madison's deepening woes following the
breach, lawyers have launched a class-action lawsuit seeking
some $760 million in damages on behalf of Canadians whose
information was leaked.
Eliot Shore, a widower who lives in Ottawa, is suing Avid
Dating Life Inc and Avid Life Media Inc, the corporations that
run Ashley Madison.com, law firms, Charney Lawyers and Sutts,
and Strosberg said in a statement.
He joined the website "for a short time in search of
companionship", but never met anybody in person, they said in a
statement.
Since the hack last month, Avid Life has indefinitely
postponed the adultery site's IPO plans. Avid values itself at
$1 billion and reported revenue of $115 million in 2014, up 45
percent from the preceding year.
"PAID DELETE"
The hackers object to the site's business practices,
specifically a "paid delete" option that allows people to pay to
remove all their information but, they say, does not actually do
that.
David Kennedy, founder and security consultant at
TrustedSec, said that the fresh release appears to be authentic.
"Everything appears to be legit," he said in an email. "We
have portions downloaded and its confirmed legitimate thus far."
A report in Vice Media's online technology site Motherboard,
which first reported the new data dump, said the release bore
the same fingerprints as Tuesday's release.
The additional release will likely ratchet up the pressure
on Avid Life, which has been quiet about exactly how much and
what sort of data was stolen in a breach in July.
The company, which also owns websites CougarLife.com and
EstablishedMen.com, did not immediately respond to requests for
comment.
"These guys are very diligent about not being caught," said
Erik Cabetas, managing partner of Include Security, who has done
forensic work on the initial dump.
The release includes source code for the website as well as
smartphone apps and proprietary company data, he added. The
availability of the source code could allow other hackers to set
up a similar site or find and exploit vulnerabilities on the
actual site, which is still operating.
The 20-gigabyte data dump reported on Thursday would be
roughly double the size of the earlier one.
Despite the negative publicity surrounding the attack,
demand for Ashley Madison's services has been steady since the
data breach first announced in July, said Mark Brooks, CEO of
Internet dating consultancy Courtland Brooks.
"It just goes to say that all press is good press ... The
awareness of the brand is through the roof," Brooks said.
U.S. MILITARY, POSTAL SERVICE PROBES
The data release could have severe consequences for U.S.
service members. Several tech websites reported that more than
15,000 email addresses were government and military ones.
Hundreds of U.S. government employees - including some with
sensitive jobs in the White House, Congress and law enforcement
agencies - used Internet connections in their federal offices to
access and pay membership fees to the website, The Associated
Press reported.
The Pentagon said it was aware of reports that military
email addresses were among those posted earlier in the week.
Defense Secretary Ash Carter told a Pentagon news conference
that different service branches were looking into the matter.
The U.S. Postal Service and its internal watchdog also plan
to review whether or not some of the agency's employees may have
violated federal policies by using their government email on the
website.