Ashley Madison hack fallout worsens with new leak

Emails sent by the founder of infidelity website AshleyMadison.com appear to have been exposed in a second, larger release of data stolen from its parent company.

The data dump by hackers who attacked the site earlier this year appears to include email messages linked to Noel Biderman, founder and chief executive officer of its parent company Avid Life Media.

In a message accompanying the release, the hackers said: "Hey Noel, you can admit it's real now."

That appeared to be a riposte to the company's initial response to the initial dump earlier this week that the data may not be authentic.

The earlier dump exposed millions of email addresses for customers of Ashley Madison - whose tagline is 'Life is short. Have an affair.' - including for government officials and civil servants across Australia, the US and UK. 

Errata Security chief executive Rob Graham said the information released included details such as users’ height, weight and GPS coordinates. He said men outnumbered women on the service five-to-one.

The hackers claim to object to the site's business practices, specifically a "paid delete" option that allows people to pay to remove all their information but which, they say, does not actually do that.

David Kennedy, founder and security consultant at TrustedSec, said the fresh release appears to be authentic.

"Everything appears to be legit," he said. "We have portions downloaded and its confirmed legitimate thus far."

The additional release will likely ratchet up the pressure on Avid Life, which has been quiet about exactly how much and what sort of data was stolen in a breach in July.

The company, which also owns websites CougarLife.com and EstablishedMen.com, did not immediately respond to requests for comment.

"These guys are very diligent about not being caught," said Erik Cabetas, managing partner of Include Security, who has done forensic work on the initial dump.

The release includes source code for the website as well as smartphone apps and proprietary company data, he added. The availability of the source code could allow other hackers to set up a similar site or find and exploit vulnerabilities on the actual site, which is still operating.

Today's 20GB data dump is roughly double the size of the earlier one.

Despite the negative publicity surrounding the attack, demand for Ashley Madison's services has been steady since the data breach was first disclosed in July, said Mark Brooks, CEO of internet dating consultancy Courtland Brooks.

"I would have thought this would be a death knell for that company because their entire business basis is privacy," Brooks said. "It just goes to say that all press is good press...The awareness of the brand is through the roof."