As they promised weeks ago when the breach occured, the crew responsible for the Ashley Madison hack have published 35GB worth of compromised data online (emphasis added):

The group also published a key so that anyone downloading them would know they came from the proper source.

The leaked files include databases complete with account information, profile data, PII, and financial data. The email database alone contains 36 million records. Among those records are 15,019 accounts using either a .mil or .gov email address. Other records indicate that the user created their ALM profile with a work related email address.

On Twitter, @t0x0 provided Salted Hash with a breakdown of these addresses. A brief example is below; the image contains a larger list of domains.A full list is available here.

  • us.army.mil – 6788
  • navy.mil – 1665
  • usmc.mil – 809
  • mail.mil – 206
  • gimail.af.mil – 127

If the data in the leaked files is valid, then Impact Team has created a blackmail archive that could land scores of people in hot water.

However, ALM never required that data be valid unless the user registered for a paid account, and even then the verification process wasn’t that hard to bypass as long as the bills were paid.

I wonder what Easter Eggs lay hiding in this trove?