It's about to get a whole lot worse for users of the infidelity-focused dating site Ashley Madison: a huge, 10 GB dump of data from last month's hack has been posted online, revealing all sorts of information about the website's users.
For starters, the data dump includes the usernames, first and last names, and hashed passwords for 33 million Ashley Madison accounts. On top of that, the dump includes 36 million email addresses (more than 15,000 of which are US government email addresses), and partial credit card data, partial addresses, transaction data, and phone numbers for a significant percentage of users.
It gets even worse, too. The profile data for pretty much every user is available in the dump, which means anyone can look through a find a user's sexual desires (such as "threesomes"), and their relationship statuses. Some of the associated names and other personal details will have been faked by the user to protect their identity, but naturally this won't be the case for everyone.
The data dump also includes a significant amount of Ashley Madison's internal documents, including contracts, sales techniques, employees' Windows credentials, and even PayPal account details belonging to executives. The data posted online includes basically everything stored on the company's servers, indicating this was a full-scale compromise of their IT infrastructure.
Many security researchers currently exploring the data dump, which is simply mammoth at 10 gigabytes when compressed, have confirmed that the information comes directly from Ashley Madison. The company themselves are yet to confirm the data dump is real, instead suggesting it contains fake information. However, many Ashley Madison users have been able to find their personal information among the dumped data, which indicates this is actually the real deal.
It's unclear exactly what Ashley Madison will do following this massive, unprecedented hack of their systems. Many of their users are in for a bad time if the data is used for blackmail purposes, and you'd suspect the owners of the site - and possibly the hackers if they're ever caught - will be in for a similarly bad time down the track.