“Trusted Security Award,” “100% Discreet Service,” and “SSL Secure Site” are plastered across infidelity dating website Ashley Madison’s homepage. But that wasn’t enough to stop hackers, angry over its dubious moral standards and questionable business practices, from gaining access to the site’s most discreet data on roughly 32 million of its users. And according to one analysis of email addresses in the data dump, approximately 15,000 belong to .gov or .mil addresses.
Buried in the list are emails that could be tied to multiple administration agencies, including the State Department and Department of Homeland Security, as well as several tied to both the House and Senate.
For a month, hackers using the name “Impact Team” have been holding hostage the dating profiles of those who registered on the site. The group threatened to publicly out the potential adulterers if the site’s owner, Avid Life Media, didn’t take down Ashley Madison, which uses the tagline, “Life is short. Have an affair.”
Security researchers said on Wednesday that they believe the data released following the hack at Ashley Madison is authentic.
“This dump appears to be legit,” said David Kennedy, CEO of information security company TrustedSec, which monitors cyber attacks, in a blog post. “Very, very legit.”
Security journalist Brian Krebs reported several of the site’s users told him their real information is in the data dump.
The leaked database is staggering, according to researchers, and larger than expected at 37 million records, or nearly 10 gigabytes compressed.
“For folks that may not know, that is massive,” Kennedy said. “Huge.”
“It's full account information,” said Robert Graham, CEO of Errata Security, in a blog post. That includes full names, emails, phone numbers, addresses and passwords. […]
Other tech news outlets, such as CSO, have discovered British government officials, United Nations employees and Vatican staff among the millions of people in the leaked database.
The site did not check the authenticity of email accounts, however, so it’s likely many government accounts were fake, The Hill notes. For example, 44 email addresses appeared to be from “whitehouse.gov” accounts, but White House officials use “eop.gov” for email correspondence.
Washington, D.C. has for the third year in a row topped the list of the nation’s most adulterous cities, with Capitol Hill being the neighborhood with the most cheaters. Thus, it’s not surprising that even if some accounts are fake, that thousands of email addresses have been linked to government and military accounts.