The personal records of 37 million users of a site that helps people cheat on their spouses will be released if it doesn’t shut down, hackers have threatened.
Ashley Madison — the dating site that has the tagline “Life is short. Have an affair” — has been hacked and all of the details of its users and owner Avid Life Media have been stolen.
The hackers — calling themselves The Impact Team — are demanding that the site is taken down or all of the details will be leaked. Avid Life Media called the hack "an act of cyber-terrorism".
The group said in a manifesto accompanying the leaks that it had hacked the site as a response to allegations that it was charging users $20 to have their accounts completely deleted. Despite that service making the site huge revenues — $1.7 million in 2014, according to the hackers — Ashley Madison doesn’t actually delete those profiles, The Impact Team alleged.
The group wrote: “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
The group asks that Avid Life Media take down Ashley Madison and another hookup site aimed to set up rich men with women, named Established Men.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” the group writes. “The other websites may stay online.”
Ashley Madison was reported in February to have over a million members in the UK. That is despite the site never showing ads on British television, for fear of offence about their content.
The Ashley Madison hack follows a cyberattack on AdultFriendFinder, another hookup site. That hack also included the details of people who believed that they had deleted their accounts.
In a statement, Avid Life Media said that it had launched a "thorough investigation utilizing leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident".
"At this time, we have been able to secure our sites, and close the unauthorized access points," the company said. "We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber–terrorism will be held responsible."
The company said in a later statement that it had removed the posts by The Impact Team, including identifying information about users that the group had posted to prove that the leaks were genuine.
"Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the all posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online," the team said. "We have always had the confidentiality of our customers’ information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter.
"Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident and we will continue to provide updates as they become available."Reuse content