WASHINGTON, DC, USA – Millions of people who used the “have an affair” website Ashley Madison faced exposure Monday, July 20, after a breach by hackers seeking to shut it down.
The latest high-profile cyberattack hit the Canadian company known for making a business from adultery seekers, with the hackers threatening to leak private data.
Avid Life Media, which owns Ashley Madison, said that an “unauthorized party” was able to gain access to the data through various unauthorized points on the website.
A group calling itself “the Impact Team” claimed responsibility and said it was part of an effort to shut down Ashley Madison, known for its slogan, “Life is short. Have an affair.” (READ: Will cheating website Ashley Madison thrive in conservative PH?)
The hacker group, in statements posted online, said that Ashley Madison and a related site called Established Men “must shut down immediately permanently.”
“Shutting down AM and EM will cost you, but non-compliance will cost you more,” the statement said.
“We will release all customer records, profiles with all the customers’ sexual fantasies, nude pictures and conversations and matching credit card transactions, real names and addresses.”
Avid Life said some personally identifiable information was posted online before being removed.
“Our team has now successfully removed the posts related to this incident… about our users published online,” Avid Life Media said.
“At this time, we have been able to secure our sites, and close the unauthorized access points,” the company said.
“We apologize for this unprovoked and criminal intrusion into our customers’ information.”
The company said it was now offering members a “full delete” of their profiles in light of the attack. Previously members had to pay to remove their profile data.
“The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes,” the company said.
Ashley Madison, which boasts more than 33 million users, helps people who are in relationships cheat on their partners.
With its other dating services, Avid Life says it is Canada’s largest dot-com with some 40 million members.
It said it has “stringent security measures in place, including working with leading IT vendors from around the world.”
“These security measures have unfortunately not prevented this attack to our system,” Avid Life added.
The company said it was working with law enforcement over the breach and that those responsible for the “act of cyberterrorism will be held responsible.”
Users in more than 46 countries subscribe to the cheating website, which was founded in 2001.
The company said a new user joins every 6 seconds, and that it is “the world’s largest website for married men and women looking to have a discreet affair.”
The incident is the latest in a series of high-profile data breaches affecting companies as well as government databases.
It comes two months after a leak of stolen data from 3.9 million members of Adult FriendFinder, which claims to be “the world’s largest sex and swinger” community.
‘Attractive for blackmail’
Will Gragido, of the security firm Digital Shadows, said the breach “seems typical of today’s more extortion and ransom-focused attacks.”
“Certain types of data and online behavior are simply too attractive for blackmail purposes,” he added.
Gragido also worried it could be an “ominous” incident if others follow the same pattern.
“It takes us down a slippery slope: What type of business will adversaries deem ‘objectionable,’ next and demand its closure — in addition to holding its customers hostage with their stolen, personal information?” he said.
Toronto-based Avid Life said recently it was considering a stock flotation to help grow the business, which also includes the website for women called Cougar Life, aimed at the “recently divorced, single mom or sexy single still on the prowl.”
Avid Life chief executive Noel Biderman told security blogger Brian Krebs the company was close to identifying the source of the breach.
“It was definitely a person here that was not an employee but certainly had touched our technical services,” he was quoted as saying. – Rob Lever, AFP/Rappler.com