Customers of the popular infidelity site, who promised discreet encounters for married people, are in hot water after Ashley Madison was hacked. The cheating website, which goes by its rubric "Life is short. Have an affair," was breached by programmer geeks who called themselves Impact Team.
According to KrebsonSecurity, large caches of data from the said online cheating site was stolen and posted online by an individual or group of persons who claims that they have invaded the company's user database, financial records and other proprietary information. Thirty-seven million users, who enjoy the site's hookup services, are on the verge of destruction as the hacker or hackers gradually post the breached data.
The data that was released also include sensitive information from Avid Life Media (ALM), the Toronto-based firm that owns and operates AshleyMadison and other sites that offer the same services such as Cougar Life and Established Men.
KrebonSecurity reports that the intruders were triggered to leak the information after ALM misled their customers that there is an option for them to delete their data completely. The Impact Team revealed that ALM gained $1.7mm in revenue with their Full Delete feature which the group described as a lie, given that the system does not actually scrub their customer's data completely.
In a statement released by ALM, the company apologized and reassured users of their service to stop the attack. "We apologize for this unprovoked and criminal intrusion into our customers' information. The current business world has proven to be one in which no company's online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies."
Aside from the leaked account data, hackers also exposed maps of internal company servers, employee network account information, company bank account and payment information for its employees.
The hackers demand ALM to take down Ashley Madison and Established Men permanently, otherwise they will release its customer s’ records, sexual fantasies with its matching credit card transactions which includes the customers’ real name and address, employee documents and emails, according to TIME.
"Too bad for those men, they're cheating dirtbags and deserve no such discretion," the hackers are obviously not pleased with the site's intention. The Impact Team went further by despising ALM, "Too bad for ALM, you promised secrecy but didn't deliver. We've got the complete set of profiles in our DB dumps, and we'll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people."
On the other hand, the attackers issue an apology to ALM's director of security, which appears to be more of a sarcasm, "Our one apology is to Mark Steele ,Director of Security. You did everything you could, but nothing you could have done could have stopped this."
Biderman did not share the specifics of their investigation, which he described as "ongoing and fast-moving," as per Krebsonsecurity. However, the CEO revealed that they are close to identifying the culprit as he hinted that he has a copy of their profile and work credentials. Moreover, he affirmed that the culprit is not an employee but someone who just happened to touch their technical services.
This incident comes less than two months after another hookup site, AdultFriendFinder, was attacked by intruders. Its data were also leaked online, according to CNN Money.