Hackers claim to have leaked a massive list of users from Ashley Madison, a matchmaking website for cheating spouses, saying its owners had refused to bow to their demands to close the site.
A message posted online said "Time's Up!" and accused parent company Avid Life Media of deceit and incompetence.
"Now everyone gets to see their data," the statement said.
Toronto-based Avid Life Media, Inc. said in a statement Tuesday that it was aware of the claim and was investigating.
"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner," the company said.
The Associated Press wasn't immediately able to determine the authenticity of the leaked documents, but several security analysts who have scanned the data say they believe the dump is genuine.
One of them, TrustedSec CEO Dave Kennedy, said the dump included full names, passwords, street addresses, credit card information and "an extensive amount of internal data."
In a blog post, he said it seemed the hackers had access to Ashley Madison "for a long period of time."
Errata Security CEO Rob Graham said he had counted more than 36 million accounts, although many appeared to be bogus. The overwhelming majority of the users were male, he said in a separate blog post.
The hackers' motives aren't entirely clear, although they have accused Ashley Madison of faking female profiles to keep male users interested. In its statement, Avid Life Media (ALM( accused the hackers of seeking to impose "a personal notion of virtue on all of society."
In July, media reports indicated that the hackers, who identified themselves as The Impact Team, criticized ALM for continuing to store user data after an account is deleted, and called the users themselves “cheating dirtbags.” The Impact Team threatened to release client names if ALM did not permanently shut down Ashley Madison and another dating site it owns, Established Men.
As The Christian Science Monitor reported, the hack was seen by some as a kind of moral vigilantism. Others saw it more as blackmail or cyberterrorism.
“This one is more like ‘hacktivism’ to me,”Paul Williams, chief technology officer of security consulting company White Badger Group. “It is definitely black hat, but it’s like Robin Hood robbing from the rich to give to the poor. In this case, these guys are doing a very ugly hack that’s blatantly against the law, but in the name of doing something good. So it’s kind of like a crossover of hacktivism and, of course, black hat.”
D.E. Wittkower, assistant professor of philosophy at Old Dominion University whose research involves the legal invocation of property rights to protect privacy, adds that since The Impact Team’s motivation is about morality – not aiding the company in boosting security or promoting criminal activity – even the more ambiguous “gray hat” label does not fit quite right.
Instead, he says he favors ALM’s claim that the hack is an act of “cyber-terrorism.” The term, he says, “in some sense, seems way overblown, but as a factual description I think might be pretty accurate, because what they’re trying to do is to utilize fear in order to bring about a change in company policy.”
A call to Avid Life Media wasn't immediately returned. The hackers didn't immediately return messages.