Hackers have stolen personal information from online international infidelity site Ashley Madison.
The site, which encourages its members to cheat on their partners, boasts 37 million members, all of whom may be ruing the day they signed up with a service which says “Life is short. Have an affair”.
According to Brian Krebs, those responsible – known as The Impact Team – claim to have compromised… everything. That’s databases, financial records and other data.
Not only that, the group has also begun leaking some of that data on the web, including maps of internal servers, company bank account data and employees’ salary information.
Customer data appears to be safe for now but The Impact Team has threatened to dump everything it has if Avid Life Media, the company behind Ashley Madison, fails to close the site, along with another of its web properties, Established Men.
Should such a disclosure of personal information come to pass, the consequences for actual and wannabee cheating spouses could be severe – the data likely to be leaked apparently includes names and addresses, credit card transactions and secret sexual fantasies.
The Impact Team has taken this course of action, it says, because Avid Life Media allegedly lied about a service charge. Membership of the site is free, as is partial deletion of profiles, but a full delete costs $19 (around £12).
This service, the hackers say, has not been provided to those who have paid up. Instead, the group claims names, addresses and usage histories remain, even after the fee has been paid.
In a statement Avid Life Media Inc confirmed the breach, saying:
We were recently made aware of an attempt by an unauthorized party to gain access to our systems. We immediately launched a thorough investigation utilizing leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident.
We apologize for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.
We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.
Avid Life Media says it has now successfully removed all hack-related posts and PII about its users by invoking the Digital Millennium Copyright Act. Investigation of the incident continues it says:
At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber–terrorism will be held responsible.
How good the security at Ashley Madison is, we do not know, but what is for sure is that data breaches are either becoming more frequent or are being reported far more often. We can also say that, whatever you think of the service the site provides, the attack is still an illegal action, however well-intentioned those behind it may perceive themselves to be.
@jeffreycarr combine the data from OPM with that of AshleyMadison and I think we could be in for an interesting ride
— BrianHonan (@BrianHonan) July 20, 2015
The latest breach of an adult-orientated site comes two months after Adult Friend Finder suffered a similar fate and the advice for anyone potentially affected this time around is the same – be on your guard for an increase in spam email, identity theft, carefully crafted phishing emails and even potential blackmail attempts.