Ashley Madison — tagline “Life Is Short. Have An Affair” — is an online site that facilitates cheating among its 37 million users, 1.2 million of whom are from the UK. It’s a service founded on confidentiality and privacy, which now seems to have all of its data in the hands of hackers. They’re demanding the company take down the site, or they’re going to out a lot of adulterers.
The hackers, going by the name “The Impact Team”, posted a small sample of sensitive data stolen from Avid Life Media, the company that owns Ashley Madison, along with other hookup sites Cougar Life and Established Men. The data was accompanied by a statement, demanding the takedown of AshleyMadison and Established Men. If that doesn’t happen, the hackers are threatening to leak the full details — names, addresses, sexual fantasies — of AshleyMadison’s 37 million users.
Speaking to security blog KrebsOnSecurity, ALM Chief Executive Noel Biderman confirmed the hack, condemned the “criminal act”, and said the company was working hard to have the data taken down.
Impact Team message, via KrebsOnSecurity
The Impact Team’s beef with Avid seems to lie with the Full Delete feature offered by Ashley Madison: a $19/£12 service that allows users of the site to erase their profile, and all accompanying information. According to The Impact Team, that service is a lie. It claims that although profile information is removed, credit card details (including real name and billing address) remain online.
That frames the hackers as the good guys, campaigning against a lying company; of course, a trove of personal information, including credit card details, can be worth serious money to the right people.
It goes without saying that this is one of the worst data leaks imaginable. Not only does it have the usual problems of identity fraud, but if the full list of Ashley Madison’s users hits the internet, that’s a lot of adulterers outed. [KrebsOnSecurity]