An estimated 70,000 Kiwis will be hoping their identities haven't been exposed after hackers made good on their promise to reveal who's been using AshleyMadison.com, a website that facilitates extramarital affairs.
Tech magazine Wired reports a 9.7-gigabyte file has been posted on the anonymous Tor network, which is only accessible through the use of special software.
It appears to contain the account details of the site's 32 million users, including names, addresses and credit card details.
"We have explained the fraud, deceit, and stupidity of [the site's] members," a message that appeared with the file read. "Now everyone gets to see their data."'
Ashley Madison's slogan is "Life is short - have an affair".
The file contains details of what members were looking for, including one after "someone who isn't happy at home or just bored and looking for excitement", and another who likes "to ravish and be ravished".
The passwords are encrypted, but experts don't believe they will stay that way for long.
"Hackers are still likely to be able to crack many of these hashes in order to discover the account holder's original password," Robert Graham of security company Erratasec told Wired, though he was pleased to see the site at least trying to protect itself and its users' data properly.
The hackers, calling themselves the Impact Team, wanted Ashley Madison's owners Avid Life Media to take the site down, as well as Established Men, which hooks up young woman with "sugar daddies".
CougarLife, a site which does the same for young men and older woman, wasn't targeted.
Their beef wasn't just about the morality of the service, but Avid Life Media's alleged fraudulent practises.
"The site is a scam with thousands of fake female profiles… chances are your man signed up on the world's biggest affair site, but never had one. He just tried to."
Impact Team also said Avid Life Media never deleted users' data even if users paid them to.
The group proved they had broken into Ashley Madison's database by posting sample files online last month.
Avid Life Media refused to cooperate, instead assuring customers it had beefed up its security in wake of the attack.
Digitalus director Lucas Young says the hacked details include around 22,500 email addresses ending with '.nz', 32 of which ended with '.govt.nz'.
"I don't know how the site works, but generally when you sign up to a website you have to confirm your email address is valid," Mr Young told RadioLIVE.
"They won't be made up email addresses, but they could be people who have just signed in from work for research or to have a look, or maybe they're legitimate customers."
State Services Minister Paula Bennett doesn’t find Government staff using their work email addresses to access the website "appropriate".
"I am also cognisant of the fact people work long hours and they may have mixed up personal emails with work ones," she says.
3 News
