Wired reported that the hackers, who go by the name The Impact Team, posted almost 10 gigabytes of user data on the dark web Tuesday.
UPDATE: Experts speaking to The Huffington Post say the data dump appears to be authentic. "It's entirely reasonable to assume that this data is legitimate unless it can be proven to the contrary," security specialist Troy Hunt told The Huffington Post.
Avid Life Media, the company behind Ashley Madison, confirms to Reuters that some data has been leaked online by hackers. The company also repeated its claim that it never stored credit card data online.
The files reportedly include information for 32 million users, including login information, addresses, credit cards and phone numbers. Ashley Madison advertises itself as "the most famous name in infidelity and married dating" on its website. It has 36 million members in 46 countries, Business Insider reports.
Avid Life Media (ALM), the parent company of Ashley Madison and Established Men, another site the hackers also demanded be shut down, released a statement slamming reports of the hack to The Huffington Post Canada on Tuesday.
"The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeking fit to impose a personal notion of virtue on all of society," it said.
"We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law."
Established Men matches "ambitious and attractive young women with successful and generous benefactors to fulfill their lifestyle needs," its site said.
The Impact Team demanded that ALM shut both sites down last month.
It threatened to "release all customer records, profiles with all the customers' secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails," according to a statement posted on cyber security blog Krebs on Security.
ALM did not comply with the hackers' demands, and reassured users that its sites had been secured.
The hackers reportedly released their own statement with the data dump on Tuesday:
Security site CSO noted that more than 15,000 email accounts associated with the Ashley Madison site have either a .gov or .mil handle, suggesting they're either U.S. government or military addresses.
A graphic posted by CSO showed that a significant number of the addresses ended in us.army.mil, the URL for the United States Army's official website.
Twitter users analyzing the dump also found several addresses that appeared to be linked to the U.K. government.
Wired noted that Ashley Madison does not require users to verify their email addresses when signing up. It is therefore possible that many weren't using their own accounts.
Update: A security expert said email lists posted online to site 4chan should not be taken at face value, according to The Huffington Post UK.
Here is Avid Life Media's statement in full:
"Last month we were made aware of an attack to our systems. We immediately launched a full investigation utilizing independent forensic experts and other security professionals to assist with determining the origin, nature, and scope of this attack. Our investigation is still ongoing and we are simultaneously cooperating fully with law enforcement investigations, including by the Royal Canadian Mounted Police, the Ontario Provincial Police, the Toronto Police Services, and the U.S. Federal Bureau of Investigation.
"We have now learned that the individual or individuals responsible for this attack claim to have released more of the stolen data. We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort. Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.
"This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.
"Every week sees new hacks disclosed by companies large and small, and though this may now be a new societal reality, it should not lessen our outrage. These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives. Regardless, if it is your private pictures or your personal thoughts that have slipped into public distribution, no one has the right to pilfer and reveal that information to audiences in search of the lurid, the titillating, and the embarrassing.
"We know that there are people out there who know one or more of these individuals, and we invite them to come forward. While we are confident that the authorities will identify and prosecute each of them to the fullest extent of the law, we also know there are individuals out there who can help to make this happen faster. Anyone with information that can lead to the identification, arrest, and conviction of these criminals, can contact firstname.lastname@example.org."