lolloj - Fotolia
The hackers issued the threat in July 2015 when they claimed to have compromised ALM’s user databases, source code repositories, financial records and email system.
The Impact Team has encouraged ALM’s customers, including one million in the UK, to sue the company for failing to keep their data safe.
The group has also accused ALM of lying about its service that claimed to delete members’ profile information for a $19 fee. “Full Delete netted ALM $1.7m in revenue in 2014. It’s also a complete lie,” the hacking group said.
The first set of data included personal details and financial transaction histories for around 32 million Ashley Madison members, including UK civil servants, US officials, members of the US armed forces and top executives at European and North American corporations.
The latest set of data was also posted to the dark web using an Onion address accessible only through the Tor browser and includes source code from the website, internal emails and a note to the company’s founder Noel Biderman.
In response to ALM’s statement that the first set of data may not be authentic, the hackers accompanied the second set of data with a note saying: “Hey Noel, you can admit it’s real now.”
One file appears to contain nearly 14GB of data from the Biderman’s email account, but the file is zipped and appears to be damaged, reports the BBC.
Tim Erlin, director of IT security and risk strategy at Tripwire, said that while the target of the attack and breach may be Ashley Madison, there is significant collateral damage with the release of so much personal information.
“The collection of so much data isn’t a simple task. This attack was targeted and persistent,” he said.
Ken Westin, senior security analyst at Tripwire, said the breach and resulting data dump was a personal attack with the goal of retribution.
“The goal was to expose and shame ALM and try to push the company to shut down two of their most profitable properties. The exposure of the users and the site was collateral damage,” he said.
According to Westin, the additional release of information regarding the company and emails reveals just how deeply the breach was.
“This is reminiscent of the Sony breach, which was also personal and the goal was to embarrass and shame the company and executives,” he said.
Other security commentators have noted the exposure of the Ashley Madison’s source code could make the website vulnerable to attackers for as long as it remains operational.
Read more about hacking
- Briton Lauri Love has been accused of hacking into various US agencies, including the US Army, Nasa, the Federal Reserve and the Environmental Protection Agency.
- Adobe plans to release security updates for two more Adobe Flash vulnerabilities exposed when hackers published documents belonging to Italy’s controversial Hacking Team.
- A cyber espionage group has targeted high-profile technology, internet, commodities and pharmaceutical companies in the US, Europe and Canada, reports Symantec.