Ashley Madison, a dating website that helps married people cheat on their spouses has been hacked by a group calling themselves The Impact Team. The group has now threatened to expose personal details about 37 million users of the website unless Avid Life Media (ALM), its parent company, takes down its website, as well as ALM’s other dating site, Established Men.
In a statement obtained by computer security expert Brian Krebs, The Impact Team warned: “Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.
The other websites may stay online.”
The reason the group, or hacker, carried out the attack is the company’s Full Delete product which offers customers a way to wipe away evidence of them having used the company’s websites for $19 (£12.20), a service which the hacker claims earned ALM $1.7m in 2014 despite the service not doing what it promises:
“Full Delete netted ALM $1.7m in revenue in 2014. It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
Ashley Madison chief executive Noel Biderman confirmed the hack and said his firm was “working diligently and feverishly” to get the revealing information taken down off the internet. “We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”
This morning, Ashley Madison said it had employed a team of security experts to “determine the origin, nature, and scope of this incident”. “We apologize for this unprovoked and criminal intrusion into our customers’ information,” a spokeswoman said.
The hack comes just two months after another dating site, AdultFriendFinder was hacked and comes as Ashley Madison was considering a $200 million IPO on the London exchange later this year.
Source: KREBS Security
