Ashley Madison, the website for people seeking extramarital affairs, has suffered a major cyber attack, with hackers threatening to expose the names of adulterers unless the site is taken offline.
The controversial online dating company, which has 37.5 million users, carries the tagline: “Life Is Short. Have An Affair”. The service is founded on confidentiality and privacy, claiming to be a “100% discreet service” and boasting a “Trusted Security Award” on its homepage.
The hackers, going by the name “The Impact Team”, posted a small sample of sensitive data, along with a statement demanding the takedown of Ashley Madison and Established Men, an online dating site that claims to connect “young, beautiful women with successful men”.
The data and the statement have since been taken offline.
Avid Life Media, the company that owns Ashley Madison, confirmed the hack and apologised for “this unprovoked and criminal intrusion into our customers’ information”.
“We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world,” it said.
“As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.”
The Impact Team said it decided to publish the information in response to alleged lies Avid Life Media told its customers about its “full delete” feature, which allows members to completely remove their profile information for a $19 (R236) fee.
According to the hackers, although Ashley Madison promises “removal of site usage history and personally identifiable information from the site,” credit card details – including real name and billing address – remain online.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms,” The Impact Team said in a statement seen by KrebsOnSecurity.
If their demands are not met, the hackers are threatening to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and e-mails”.
Avid Life Media said it had now removed all posts related to the hack, as well as all personally identifiable information about its users published online, under the Digital Millennium Copyright Act. It was also working with forensics experts, security professionals and law enforcement agencies to investigate the incident.
“Any and all parties responsible for this act of cyber-terrorism will be held responsible,” it said. “We will continue to provide updates as they become available.”
Earlier this year, Avid Life Media announced its intention to float Ashley Madison on the London Stock Exchange. The online dating company, which calculates its value at $1-billion (R12.45-billion), aims to raise $200-million (R2.59-billion) from the initial public offering and will use the proceeds to fund expansion.