Ashley Madison Hacked, Millions of Adulterers’ Details at Risk
Ashley Madison, a website infamous for being a mainstream portal encouraging extra-marital affairs, has been hacked. The website claims to have more than with nearly 37 million registered users. The unknown individual and/or hacking group behind the cyber attack are threatening to expose the personal data of millions of users unless certain demands are met, according to numerous sources including Time.
The news story was first reported by cyber crime reporter and enthusiast Brian Krebs on his security blog.
Users are “cheating dirtbags and deserve no discretion”, according to the hackers.
Extra-marital users’ data breach that could prove extra embarrassing
Avid Life Media (ALM) is a Canadian company that owns Ashley Madison, Cougar Life, and Established Men, all properties encouraging hookups and extramarital liaisons. The Toronto-based firm was breached by a cyber-attack from an unknown hacker group named The Impact Team.
It wasn’t long before large dumps and caches of stolen data started appearing online. Researchers piling through the caches found:
- Scraps of user data taken from nearly 40 million registered users in all three websites.
- Employee information of those working at ALM.
- Banking information of accounts and more used by ALM.
- The salaries of individual employees at ALM.
- Secretive framework and blueprints of the company’s internal servers.
These are The Impact Team’s demands:
Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.
Offering little sympathy for the registered users on the website, the hacking group added: “Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” before continuing to say, “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. “
The threat didn’t stop there, with the hacking group stating: “And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
The Impact Team also highlighted the website’s “Full Delete” feature which the company assures will completely wipe out all traces of a user’s account and profile from the website for $19. The hacking group says this is a lie.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” said the group. They added that credit card details which include the user’s real name and address remain and aren’t completely removed, despite the “Full Delete” service.
Noel Biderman, ALM’s CEO confirmed the hack when contacted by Krebs.
“We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”
In May 2015, the Wall Street Journal’s blog had the foresight to speculate about the likelihood of Ashley Madison being a hacker’s target after the breach of AdultFriendFinder, another hookup website not too long ago.
“Given the breach at AdultFriendFinder, investors will have to think of hack attacks as a risk factor,” the WSJ wrote. “And given its business’s reliance on confidentiality, prospective Ashley Madison investors should hope it has sufficiently, er, girded its loins.”
It is still unclear as to how much account data of AshleyMadison users has been posted online. If the hackers’ claims are to be taken seriously, there will be more data dumps published online each day the company remains online. There’s plenty of data to be revealed if all 37 million user accounts’ information has been stolen.
Image from AshleyMadison Website and Shutterstock.