Hackers are demanding that the popular adultery website Ashley Madison is shut down… or they will release a database containing details of its 37 million users, information about employees and salary and bank account information.
In other words, if you have ever signed up for the Ashley Madison website, there is a chance that your name, address, and sexual peccadillos may now be in the hands of hackers – and might soon be made public.
The hackers, however, have no sympathy for the people who might be exposed by the theft of the database: “Too bad for those men. They’re cheating dirtbags and deserve no such discretion.”
The news of the hack, confirmed in a press release released on the wires earlier today, was first broken by security blogger Brian Krebs who found portions of the stolen data posted on the internet by a group calling itself The Impact Team.
' We are the Impact Team '. pic.twitter.com/IDGpvPnH1m
— Thadeus Zu (@deuszu) July 20, 2015
We are the Impact Team.
We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails
Shutting down AM and EM will cost you, but non-compliance will cost you more: We will release all customer records, profiles with all the customers’ secret sexual fantasies, nude pictures and conversations and matching credit card transactions, real names and addresses, and employee documents and emails. Avid Life Media will be liable for fraud and extreme harm to millions of users.
Avid Life Media runs Ashley Madison, the internet’s #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating.
Trevor, ALM’s CTO once said “Protection of personal information” was his biggest “critical success factors” and “I would hate to see our systems hacked and/or the leak of personal information”
Well Trevor, welcome to your worst fucking nightmare.
Further messages posted by the hackers suggest that the attack was inspired by outrage at claims the company was charging a fee for account deletion.
Avid Life Media’s CEO Noel Biderman told Brian Krebs that it was possible a former employee or contractor might have been responsible for the hack, abusing access to the company’s systems which should have been revoked when their work for the company finished:
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
To be frank, whether it was a remote hacker or a rogue contractor is going to be little comfort for those who might be about to have their membership of the Ashley Madison website exposed.
Whatever you might think of sites like Ashley Madison and Adult Friend Finder, and the morals of their users, I am far from convinced that they deserve to be hacked. It is clear that revealing the personal information of millions of site users could lead to further harm and criminal acts.
Avid Life Media, the owners of the Ashley Madison website and other sites of a similar nature such as Cougar Life and Established Men, said in its press release that it was working with law enforcement to investigate the breach, and offered an apology to users:
We were recently made aware of an attempt by an unauthorized party to gain access to our systems. We immediately launched a thorough investigation utilizing leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident.
We apologize for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.
We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.
Well, if the company really wants to apologise to its users it might be a good idea to do it someplace where the users might see it.
The official announcement that a data breach has occurred hasn’t yet reached the press release section of the Ashley Madison website, nor is any warning displayed on the Ashley Madison homepage.
Maybe Ashley Madison is warning users of the potential risk if they log into the site.
I can’t confirm if that’s the case or not as (fortunately) I’m not a user of their “Life Is Short. Have An Affair” service. Frankly, I’d rather not create a test account just in case Mrs Cluley ever checks out my internet history…
News of the hack attack doesn’t come at a good time for Avid Life Media, which has reportedly been planning to float on the stock exchange.
A hack like this will hardly boost the confidence of those in the city considering betting on company’s financial future.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.