A hacking group calling itself The Impact Team is threatening to expose the identities of 37.5m users of notorious extramarital dating website Ashley Madison
Ashley Madison, the website for people seeking extramarital affairs, has suffered a major cyberattack, with hackers threatening to expose the names of adulterers unless the site is taken offline.
The controversial on-line dating agency which has 37.5m users – including 1.2m Britons – carries the tagline: “Life Is Short. Have An Affair”. The service is founded on confidentiality and privacy, claiming to be a “100pc discreet service” and boasting a “Trusted Security Award” on its homepage.
The hackers, going by the name “The Impact Team”, posted a small sample of sensitive data, along with a statement demanding the takedown o Ashley Madison and Establishment Men an online dating site that claims to connect “young, beautiful women with successful men”. The data and the statement have since been taken offline.
Avid Life Media, the company that owns Ashley Madison, confirmed the hack and apologised for “this unprovoked and criminal intrusion into our customers’ information”.
“We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world,” the company said in a statement.
“As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.”
The Impact Team said it decided to publish the information in response to alleged lies Avid Life Media told its customers about its “full delete” feature, which allows members to completely remove their profile information for a $19 fee.
According to the hackers, although Ashley Madison promises “removal of site usage history and personally identifiable information from the site,” credit card details – including real name and billing address – remain online.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms,” said The Impact Team in a statement seen by Krebs onSecurity if their demands are not met, the hackers are threatening to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails”.
Avid Life Media said it has now removed the all posts related to the hack, as well as all personally identifiable information about its users published online, under the Digital Millennium Copyright Act. It is also working with forensics experts, security professionals and law enforcement agencies to investigate the incident.
“Any and all parties responsible for this act of cyber–terrorism will be held responsible,” it said. “We will continue to provide updates as they become available.”