(Updating with details throughout)
By Alastair Sharp and Josephine Mason
TORONTO, Aug 18 (Reuters) - Hackers dumped online personal
details of more than a million users of infidelity website
AshleyMadison.com, tech websites reported on Tuesday, the latest
high-profile cyber attack that threatens to wreak strife in
relationships across the globe.
After threatening to release salacious details on as many as
37 million customers of the website, which uses the slogan "Life
is short. Have an affair," hackers claimed to publish a huge
cache of email addresses and credit card data stolen in July.
Reuters was not immediately able to confirm the authenticity
of the posting. Avid Life Media, which owns Ashley Madison and
Established Men, widely described as a "sugar daddy site," did
not verify the data was real, but said it was aware of the
claim.
The hackers used the dark web which is only accessible using
a specialized browser.
Still within hours, thousands of email addresses from North
America and Europe including many linked to corporations and
universities sprouted up on other sites as people decrypted the
database. It is possible to create an Ashley Madison account
using someone else's name and email.
The hackers have appointed themselves as "the moral judge,
juror, and executioner, seeing fit to impose a personal notion
of virtue on all of society," the company said in a statement.
"These are illegitimate acts that have real consequences for
innocent citizens who are simply going about their daily lives,"
it said.
The Federal Bureau of Investigation (FBI) is investigating
the theft alongside the Royal Canadian Mounted Police and local
police, it said.
The hackers, who call themselves The Impact Team, leaked
snippets of the compromised data in July and threatened to
publish names and nude photos and sexual fantasies of customers
unless Ashley Madison and another site owned by Avid Life were
taken down.
"Avid Life Media has failed to take down Ashley Madison and
Established Men," tech website Wired quoted The Impact Team as
saying in a statement accompanying the online dump.
"We have explained the fraud, deceit, and stupidity of ALM
(Avid Life Media) and their members. Now everyone gets to see
their data," the hackers said, according to Wired.
Other higher-profile attacks such as those on big companies,
like Sony Pictures Entertainment 6758.T and Target TGT.N ,
have seen credit card data of customers stolen, unleashing
massive financial damage to individuals and companies.
But this data dump appeared to confirm that the hackers were
not driven by blackmail or commercial motives, but rather
ideological ones.
The intrusion into the private lives of individuals marked a
watershed moment in cyber crime as the data spread across the
web, said Ajay K. Sood, General Manager for Canada of cyber
security firm FireEye Inc FEYE.O .
"These guys want as much notoriety as possible. This isn't
cyber terrorism. It's cyber vigilantism," he said.
Avid Life has said it is convinced the hackers were formerly
connected to the company.
Still the dump was massive, according to Troy Hunt, a
Microsoft (NASDAQ:MSFT) security expert, who said more than 1 million unique
email addresses were attached to payment records.
Wired said 9.7 gigabytes of data was posted, and appeared to
include member account and credit card details.
Toronto-based cybersecurity firm Cycura, which was hired by
Avid Life to investigate the attack, said it was not authorized
to speak on the matter.