Cheating spouses beware. The tagline “Life is Short, Have an Affair” has Ashley Madison users worrying whether their adulterous affairs will be exposed in yet another reported data breach, according to the South Florida Reporter on Monday. Hackers have threatened to leak the full details—names, addresses, sexual fantasies and nude photos— of 37 million Ashley Madison users worldwide if demands to disable the website are not met.
Branding themselves “The Impact Team,” hackers have posted a small sample of sensitive data stolen from Avid Life Media, the company that owns Ashley Madison, along with other hookup websites such as Cougar Life and Established Men. The sensitive data was accompanied by a statement demanding the takedown of websites Ashley Madison and Established Men.
While the Ashley Madison website appeared to be working normally late Monday, that was not the case a day earlier as hackers had allegedly taken over the site posting a message meant to instill fear among millions of cheating spouses.
“We are the Impact Team. We have taken over all systems in the entire office and production domains, all customer information databases, source code repositories, financial records, emails,” the message said, before going on to demand that Ashley Madison, as well EstablishedMen.com be shut down.
“Shutting down AM and EM will cost you, but non-compliance will cost you more,” the message continued. “We will release all customer records, profiles with all customers’ secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails.”
Avid Life Media, which owns Toronto-based cheating website AshleyMadison.com – among others – called the attack an “act of cyberterrorism” and vowed to hold those behind the security breach responsible for their actions.
“We apologize for this unprovoked and criminal intrusion into our customers’ information,” Ashley Madison indicated in a prepared release. “We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place.”
Speaking to Brian Krebs and the online security blog KrebsOnSecurity, ALM Chief Executive Noel Biderman confirmed the hack, condemned it as a “criminal act,” and indicated that Ashley Madison was working hard to have the data removed from the Internet.
“The psychosocial consequence of releasing this personally identifiable information can potentially have a destructive affect upon many of these AshleyMadison users,” Ruth Swissa Kline, clinical director for Bridges to Change, in Fort Lauderdale, told South Florida Reporter. “Many of these cheating spouses may have behavioral health needs or sexual addictions and be at risk even under threat of exposure.”
“The Impact Team” claimed to have hacked Ashley Madison to expose alleged false statements given customers about a service that allowed members to erase profile information for a $19 fee. The hackers allegedly pose as “the good guys,” campaigning against a lying company possessing a treasure trove of personal information, credit card details and e-mail addresses.
Avid Life, early Monday refuted the allegations about the “paid-delete” option on Ashley Madison, stating:
“The ‘paid-delete’ option offered by AshleyMadison.com does in fact remove all information related to a member’s profile and communications activity,” it said. “The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes.”
In light of the cyber-attack, Ashley Madison said it was offering its full-delete option – otherwise known as a hard delete option – free to any member and noted that it was taking “every possible step towards mitigating the attack.”
“Our team has now successfully removed all the posts related to this incident as well as all personally identifiable information about our users published online,” Ashley Madison indicated in a prepared release. “Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident.”
The Ashley Madison security breach comes about two months after dating site AdultFriendFinder.com suffered a similar cyber-attack.
“While these cheating spouses may not escape the consequences of their adulterous actions, they did have an expectation of privacy in using the Ashley Madison website,” concluded Swissa Kline.