Monday, July 20 – A group of hackers called The Impact Team has hacked into dating/affair website Ashley Madison. They hacked in and released personal details of millions of the sites users.
Ashley Madison is a controversial site whose slogan is “Life is short. Have an affair”. It helps connect individuals looking to have encounters with others outside of their marriage. The Canadian company is owned by Avid Life Media (ALM) which also partners with dating websites like Cougar Life and Established Men.
The Impact Team, while saying the “cheating dirtbags” don’t deserve discretion, claim that their motivation didn’t completely come from Ashley Madison’s core philosophy. The hackers had a problem with the sites “paid delete” feature. For $19 the site claims to remove “site usage history and personally identifiable information from the site”. This feature on the website garnered over $1.7 million in revenue last year.
The statement left on the website by hackers claimed that the feature is misleading. They claimed:
“Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
Thus far The Impact Team has leaked about 40MB of data – some of which included credit card information and internal ALM files – but they claim to have even more data to release. They have threatened to release the remaining data unless the website Ashley Madison is fully taken down. Their threat reads:
“We are the Impact Team. We have taken over all systems in the entire office and production domains, all customer information databases, source code repositories, financial records, emails. (…) Shutting down AM and EM will cost you, but non-compliance will cost you more. (…) We will release all customer records, profiles with all customers’ secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails.”
Of course, ALM responded in a statement this morning. They confirmed that there was a hacking situation but denied the shortcomings of their paid delete feature. They said:
“Contrary to current media reports, and based on accusations posted online by a cyber criminal, the ‘paid-delete’ option offered by AshleyMadison.com does in fact remove all information related to a member’s profile and communications activity.”
They also made a second statement to The Post which read:
“Following the earlier unprovoked and criminal intrusion into our system, Avid Life Media immediately engaged one of the world’s top IT security teams – with whom we have worked in the past – to take every possible step toward mitigating the attack. Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online. We have always had the confidentiality of our customers’ information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter.”
It is unclear how many people had access to the leaked information but ALM reassures users that their “team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident.”