Impact Team leaks 124 UK government email addresses used to sign up to cheating website Ashley Madison
Ashley Madison, owned by Avid Life Media, is a website with close to 40 million users that facilitates adultery and has the tagline "Life is short. Have an affair".
Among the email addresses are 92 Ministry of Defence email addresses, according to the website Political Scrapbook.
Scottish MP Michelle Thomson also appears on the list of Ashley Madison members, as does former prime minister Tony Blair. However, there's one big caveat. Ashley Madison doesn't verify email addresses when registering accounts, which means that many of the names on the list could be from people playing practical jokes.
Thomson said: "Along with potentially millions of others, an out-of-use email address seems to have been harvested by hackers. I am not aware of or in contact with either Avid Life or Ashley Madison and look forward to finding out more about what has actually happened.
"However, having a personal email address linked to an account doesn't mean that person is really a user of Ashley Madison. Users are able to sign up to the site without responding to an email verification, meaning anyone's email address could have been used to create an account."
Political Scrapbook also trawled the data to find 1,716 email addresses from universities and further education colleges, using the .ac.uk suffix; 124 using .gov.uk; 92 using .mod.uk; 65 local education authorities and schools using .sch.uk; 56 National Heath Service emails and less than 50 police emails (.police.uk).
The data dump contains the usernames, first names, last names, street addresses and more of some 33 million users. Partial credit card details have also been published, along with records documenting 9.6 million transactions and 36 million email addresses. Among the email addresses were more than 15,000 accounts created with US .mil or .gov email addresses.
The hackers published the information after Ashley Madison's parent company Avid Life Media failed to take down the cheating website.
The Hacking Team said it was unhappy with the platform's Full Delete feature, claiming that it doesn't remove all information about the user.
The data, which includes the email addresses of Ashley Madison users, was published on the dark web, meaning it could only be accessed via an encrypted browser known as Tor. However, some other websites have since duplicated the data.
ALM confirmed the attack and said it was working with law enforcement agencies.
Pressure is now mounting on Ashley Madison and the company may not survive the attack.
Dr Chenxi Wang, VP of cloud security and strategy at enterprise cloud security firm CipherCloud, said: "This hack may just kill Ashley Madison. The hackers are demanding the company to shut down or face public release of the very personal details of all of its 37 million customers.
"This puts AM between a rock and a hard place if it continues to operate. It's unthinkable for any business, especially one that runs on discretion and trust, to betray its customers' confidentiality.
"Trust is essential for e-commerce to work. But already, we're seeing multiple areas where the company's credibility for trust has been broken. It claims to "invest in the latest privacy and security technologies" yet the breach uncovered extensive information - names, credit card numbers, nude photos, etc."