The data dump by hackers who have attacked the site appears to
include email messages linked to Noel Biderman, founder and chief
executive officer of its Toronto-based parent company Avid Life
Media.
In a message accompanying the release, the hackers said: "Hey Noel,
you can admit it's real now."
That appeared to be a riposte to the company's initial response to
Tuesday's dump that the data may not be authentic.
The earlier dump exposed millions of email addresses for customers
of Ashley Madison - whose tagline is 'Life is short. Have an
affair.' - including for U.S. government officials, UK civil
servants and executives at European and North America corporations.
The U.S. Defense Department and Postal Service is also investigating
the alleged use of military and other government email accounts on
the site.
Former reality TV star and family values campaigner Josh Duggar
admitted to cheating on his wife after reports he had subscribed to
the site.
Executive Director of the Louisian Republican party Jason Doré told
the Times-Piscuyune paper he was on a list of accounts because the
site was used for "opposition research."
Doré said an account was created under his name and his former
personal credit card billing address in connection with the work of
his law firm, Doré Jeansonne. He declined to say who he was using
the account for.
In a sign of Ashley Madison's deepening woes following the breach,
lawyers have launched a class-action lawsuit seeking some $760
million in damages on behalf of Canadians whose information was
leaked.
Eliot Shore, a widower who lives in Ottawa, is suing Avid Dating
Life Inc and Avid Life Media Inc, the corporations that run Ashley
Madison.com, law firms, Charney Lawyers and Sutts, and Strosberg
said in a statement.
He joined the website "for a short time in search of companionship",
but never met anybody in person, they said in a statement.
Since the hack last month, Avid Life has indefinitely postponed the
adultery site's IPO plans. Avid values itself at $1 billion and
reported revenue of $115 million in 2014, up 45 percent from the
preceding year.
"PAID DELETE"
The hackers object to the site's business practices, specifically a
"paid delete" option that allows people to pay to remove all their
information but, they say, does not actually do that. David Kennedy, founder and security consultant at TrustedSec, said
that the fresh release appears to be authentic.
"Everything appears to be legit," he said in an email. "We have
portions downloaded and its confirmed legitimate thus far."
A report in Vice Media's online technology site Motherboard, which
first reported the new data dump, said the release bore the same
fingerprints as Tuesday's release.
The additional release will likely ratchet up the pressure on Avid
Life, which has been quiet about exactly how much and what sort of
data was stolen in a breach in July.
[to top of second column] |
The company, which also owns websites CougarLife.com and
EstablishedMen.com, did not immediately respond to requests for
comment.
"These guys are very diligent about not being caught," said Erik
Cabetas, managing partner of Include Security, who has done forensic
work on the initial dump.
The release includes source code for the website as well as
smartphone apps and proprietary company data, he added. The
availability of the source code could allow other hackers to set up
a similar site or find and exploit vulnerabilities on the actual
site, which is still operating.
The 20-gigabyte data dump reported on Thursday would be roughly
double the size of the earlier one.
Despite the negative publicity surrounding the attack, demand for
Ashley Madison's services has been steady since the data breach
first announced in July, said Mark Brooks, CEO of Internet dating
consultancy Courtland Brooks.
"It just goes to say that all press is good press ... The awareness
of the brand is through the roof," Brooks said.
U.S. MILITARY, POSTAL SERVICE PROBES
The data release could have severe consequences for U.S. service
members. Several tech websites reported that more than 15,000 email
addresses were government and military ones.
Hundreds of U.S. government employees - including some with
sensitive jobs in the White House, Congress and law enforcement
agencies - used Internet connections in their federal offices to
access and pay membership fees to the website, The Associated Press
reported.
The Pentagon said it was aware of reports that military email
addresses were among those posted earlier in the week.
Defense Secretary Ash Carter told a Pentagon news conference that
different service branches were looking into the matter.
The U.S. Postal Service and its internal watchdog also plan to
review whether or not some of the agency's employees may have
violated federal policies by using their government email on the
website.
(Additional reporting by Jeffrey Dastin in New York and David
Alexander in Washington; Editing by Grant McCool and Christian
Plumb)
[© 2015 Thomson Reuters. All rights
reserved.]
Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
|