Newitz examined several factors to get to that conclusion. First, she checked email addresses and found around 10,000 accounts that use the ashleymadison.com domain, which is a sure sign that they're fake. Next, she discovered that 68,709 female profiles were created from a single IP: 127.0.0.1. That means they were created from a "home" computer located within the company's HQ. She also found out that the most common surname on the website for women is an unusual one identical to an ex-employee's.
What truly convinced Newitz, though, is a data field marked "mail_last_time." It shows a time stamp of the last time a member has checked his/her inbox, and she found that only 1,492 women ever checked theirs. In addition to confirming that the website's real users are "paying for a fantasy," she also confirmed that accounts marked <paid_delete> still have all their data intact despite people paying to have them nuked.
Here's the silver lining, if you're a user: 12,108 deleted accounts belonged to women, and since people have to pay to get themselves deleted, it indicates that real women (or those pretending to be one, anyway) used the site at one point. At the moment, Ashley Madison is doing what it can to catch its hackers, even offering a $376,000 bounty for info that leads to their arrest.
[Image credit: James Maskell/Flickr]