The hacking group behind the Ashley Madison breach compared the affair-seeking website to “a drug dealer abusing addicts” in an email exchange threatening to carry out more attacks.
In the exchange published Friday by Vice Media’s Motherboard website, the group calling itself The Impact Team said that hacking Ashley Madison was easy because “nobody was watching” and the site had “no security.”
Motherboard said it contacted the group through “an intermediary” and verified the group’s PGP signature used for encrypting messaging.
In the exchange, the hacker group said Ashley Madison and its parent company Avid Life Media were facilitating human trafficking and other abuses.
“We watched Ashley Madison signups growing and human trafficking on the sites,” the group said. “Avid Life Media is like a drug dealer abusing addicts.”
The group, which leaked nearly 30 gigabytes of files including names and credit card data of users, and source code for the websites, said it had far more data, saying it included “300GB of employee emails and docs from internal network.”
The group also claimed to have “tens of thousands of Ashley Madison user pictures (and) some Ashley Madison user chats and messages.”
It said a third of the photos were “dick pictures” but that it would not “dump” these.
“Not dumping most employee emails either. Maybe other executives,” the group added.
Asked if it planned additional attacks, the group said: “Not just sites. Any companies that make 100s of millions profiting off pain of others, secrets, and lies. Maybe corrupt politicians. If we do, it will be a long time, but it will be total.”
The hackers this week released a second batch of data from Ashley Madison including corporate emails and sensitive computer source code.
Earlier this week it released some 32 million emails and user account information.
Ashley Madison is known for its slogan: “Life is short. Have an affair.”
It helps connect people seeking to have extramarital relationships and is owned by Toronto-based Avid Life Media.
A class-action lawsuit filed in Canada this week against the company seeks damages for Canadian users whose personal information was hacked and leaked online.