Ashley Madison hacked and private information might be exposed

Divorce lawyers are set to bang in the big bucks as the world’s leading “affair” driven website Ashley Madison has been hacked and the hackers, also known as “The Impact Team” are threatening to expose their user’s private information.

Ashley Madison data breach hack

The Ashley Madison data breach, reported Sunday by Krebs on Security, could compromise up to 37 million users who patron the adultery site. The Impact Team claims that the data they unearthed includes customer credit card details and “sexual fantasies,” along with sensitive data regarding Ashley Madison servers and employee information.

UPDATE: Hackers release Ashley Madison user data on dark web

It appears that the hackers, dubbed The Impact Team, were protesting a “full delete” service that allegedly erases any trace of your history on the site for just $19. In a manifesto accompanying the data dump, the hacker team argued that Ashley Madison was duping its users, noting that “purchase details are not removed as promised, and include real name and address” and that they would put the site’s many customers on blast if the parent company Avid Life Media (ALM) didn’t halt operations on both Ashley Madison and sister site Established Men. To make this clear, Ashley Madison was charging their customers $19.00 USD to have their information allegedly removed from their companies databases and this was found to be off-putting and misleading by the hacker group.

Because of the threats and security breach Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or the hacker group will release all customer records, including customer profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and home addresses, and employee documents and emails.

“Too bad for those men, they’re cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

ALM assured their users that it had shut down “unauthorized access points” and reinforced security measures in a statement released Monday. The company went on to call the extensive security breach on their website an “act of cyber terrorism” and acknowledged that it was just the latest in a string of recent security breaches. There are also other reports, including a report with a popular CEO of a hosting company shared an email with ALM. In the email ALM essentially bragged about their security and suggested that it would be impossible to hack them.

Ashley Madison and ALM has applogized for this proclaimed “unprovoked and criminal intrusion into our customers’ information.” The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.

“We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.”

At this time, ALM claims that they have successfully been able to secure their websites, and close the unauthorized access points. They claim that they are working with law enforcement agencies, which are investigating the hacking. They also said that any and all parties responsible for this act of cyber–terrorism will be held responsible.

Additionally, in a statement obtained by The Washington Post, ALM also denied the allegations made by the hackers about its “full delete” option, and announced that it would now offer it for free:

“The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes. This option was developed due to specific member requests for just such a service, and designed based on their feedback.”

So, moral of the story: Don’t have an affair.

Sean Doyle

http://Botcrawl.com

Sean Doyle is an engineer from Los Angeles, California. Sean's primary focuses include Internet Security, Web Spam, and Online Marketing.