Ashley Madison, the dating network for those who are looking for casual sex or to cheat on their significant other, has reportedly been hacked. The hack is said to have compromised the user databases, financial records and private details of the service’s owners and 37 million users.
Security researcher Brian Krebs first reported the leak last night, which was subsequently confirmed by Noel Biderman, the CEO of Avid Life Media. The company runs Ashley Madison and two other sites for users to arrange sexual liaisons — Cougar Life and Established Men.
Avid Life Media confirmed the breach in a news release:
“We apologize for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.
“We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.”
The company says it has been able to secure its sites, and close the unauthorized access points. They are working with law enforcement agencies, which are said to be investigating the breach as a criminal act.
A hacker or hacker group calling itself The Impact Team claimed to be behind the breach. The attackers are threatening to release “all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” unless the Ashley Madison and Established Men sites are taken offline. The group said the other ALM sites may remain online.
The Impact Team struck out at ALM business practices. Ashley Madison offers a “full delete” feature where it will scrub its records of a users payment and address details, for a $19 fee. The group’s manifesto says Full Delete netted ALM $1.7 million in revenue in 2014, also saying the information is not fully deleted as promised.
The group attempted to shame the service’s users who use it to have extra-marital affairs. “Too bad for those men,” the document reads. “They’re cheating dirtbags and deserve no such discretion.” Ashley Madison bills itself as “the internet’s number one cheating website.” The group had the most venomous words for the “Established Men” site, calling it “a prostitution/human trafficking website for rich men to pay for sex.”
The ALM sites aren’t the first of their kind to be hit by a data breach, as Adult FriendFinder was hacked earlier this year, revealing the personal details and sexual preferences of 3.5 million people. That hacker, who went by the pseudonym ROR[RG], threatened to release all information from the hack unless he was paid $100,000.