CRITICAL SEVERITYDating

Ashley Madison Data Breach

Ashley Madison Extramarital Affairs Platform Breach (2015): 38 Million User Records Including Real Names, Home Address & Payment History Exposed

Online dating service focused on discreet relationships.

Verified by ObscureIQ Intelligence

X in f @

8.5Severity

38.4MRecords

14Fields

2015Year

ObscureIQ Breach Intelligence Scores

10.8

Breach Risk Index

Data Value

Market Recency

439

days

Since Breach

⚡ Risk Interpretation

Extremely sensitive. Exposure enables extortion, reputational destruction, harassment, and identity linkage around affair-related activity.

🎯 Impact & Downstream Threats

The data came out in July 2015. Names. Home addresses. Sexual orientation. Affair-seeking behavior. Real people, exposed. CEO Noel Biderman resigned within weeks. Canadian and Australian regulators opened investigations. A CAD $578 million class action was filed. The FTC settled with the company in 2016, requiring security audits for twenty years. Then there were the suicides. Documented. Linked directly to the exposure. Extortion campaigns followed. The company was also found to have run fake f

Primary downstream threats:

Credential stuffing against reused passwords across other platforms
Identity verification bypass using name + date of birth combination
SIM swap attacks where phone numbers are present
Targeted phishing campaigns using exposed email addresses
Doxxing risk from physical address exposure

🔓 Threat Vectors

Behavioural profiling & blackmail

Identity verification bypass

Phishing, credential stuffing & account takeover

Discriminatory targeting & hate crime enablement

Name-based social engineering

Profile enrichment

Credential stuffing & account takeover

SIM swapping, vishing & SMS phishing

Physical stalking, mail fraud & identity verification

Home targeting, stalking & physical threat

Account recovery hijacking

Outing, blackmail & targeted violence

Extortion & fraud

Cross-platform tracking & credential stuffing

📋 Breach Intelligence

EntityAshley Madison

OrganizationPrivate Company • Canada / Global

Breach Date2015-07-19

DBC Added2025-02-12

Added Date2025-02-12

Records~38.4M (38,373,637 records)

Attack VectorMisconfiguration

Data SubjectsUser

Breach PathwayDirect

SourceHave I Been Pwned / DataBreach.com / ObscureIQ ↗

SensitivityRestricted

Breach ID132;133

StatusConfirmed

📝 Executive Summary

Ashley Madison, an extramarital affairs dating platform operated by Toronto-based Ruby Corp. (then called Avid Life Media), was breached in July 2015 by a hacker collective calling itself The Impact Team. The attackers exploited security misconfigurations, including hardcoded credentials in the site's source code and the use of weak MD5 password hashing alongside stronger methods, allowing them to move through internal systems and extract more than 60 gigabytes of data. When the company refused their demand to shut down the platform, the attackers released the data publicly. Approximately 32 to 38 million user records were exposed. The exposed data included real names, home addresses, email addresses, phone numbers, dates of birth, sexual orientation, payment histories, security questions and answers, and detailed website activity. Because Ashley Madison was built around the premise of discretion for people seeking affairs, the combination of real identity and behavioral data was exceptionally sensitive. Affected individuals faced targeted extortion attempts, public exposure of private conduct, and severe personal consequences. Multiple suicides were documented and directly linked to the breach. Canadian and Australian regulators launched formal investigations. A CAD $578 million class action lawsuit was filed against the company. The U.S. Federal Trade Commission reached a settlement with Avid Life Media in 2016 that required the company to undergo independent security audits for 20 years. The company was also found to have operated fake female profiles to drive male user engagement. For anyone affected by this breach: do not pay extortion demands, as payment rarely stops further contact and may invite escalation. If you are in crisis, please contact the 988 Suicide and Crisis Lifeline by calling or texting 988.

🏢 About Ashley Madison

Ashley Madison is a dating service built around one premise: that people in relationships want to meet other people in relationships. Ruby Corp., a Toronto company formerly called Avid Life Media, runs the platform. It operates in more than 50 countries. It has tens of millions of registered users. The business model is credits-based. The promise is discretion.

Sensitive Relationship Platform | Extramarital and discreet relationship services | Discreet affairs platform | Global

Private CompanyCanada / Globalashleymadison.com

🗂 Why They Hold Your Data

Discreet affairs platforms collect highly sensitive account data, profile details, messages, sexual-interest signals, payment-adjacent records, and relationship-intent activity tied to extramarital behavior.

📰 Recent Developments

The 2015 breach broke something the company couldn't fully repair. Avid Life Media rebranded as Ruby Corp. in 2016. The old name was too heavy to carry. Leadership turned over. The platform kept running. By 2025, the company describes its membership as growing. It says little else publicly.

🔍 Data Points Exposed

14 verified field types:

Password

Phone Number

Name

Home Address

Sexual Orientation;Dates of birth

Ethnicities

Genders

Names

Passwords

Payment histories

Phone numbers

Physical addresses

Security questions and answers

Sexual orientations

Usernames

Website activity

Exposure Categories

LocationPHYS ADDR

Canonical Fields

activity_history:website_activity, date_of_birth, email_address, ethnicity_or_race:ethnicity, full_name, gender, password, phone_number, physical_address, physical_address:home, security_qa, sexual_orientation, transaction_history:payment, username