Heh. If I were Ashley Madison, and I wanted to create plausible deniability for people in the real dataset, you know what I'd do? I'd create and "leak" a bunch of other datasets with generated data, and data pilfered from other hacks, to muddy the waters. "Oh, my name's in there? That must be faked up data from the Playstation Network hack years ago. Of course I'd never sign up to Ashley Madison, Mr Journalist."
I haven't seen the dataset. Is there material there that confirms its legitimacy? Are we entirely sure that this isn't just opm, target, home depot, tjx, etc? (Edit: sounds like full dataset dump: https://news.ycombinator.com/item?id=10083656)
"sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database."
That's ambiguous, and the article indicates that there is considerable doubt as to the authenticity of this purported leak, along with a history of known fakes.
Even beyond that, the article mentioned that the emails were never verified, so it sounds like any could use any name and email to establish an account.
I'm sure this means trouble for some people, but there seems to be highly plausible deniability.