Ashley Madison has been hacked leaving users records of 37 million users at the mercy of hackers who are not satisfied with the site's 'full delete' feature.
Ashley Madison (AshleyMadison.com) becomes the latest victim of a vicious cyberattack, as hackers have stolen and leaked personal information from the online dating site. The international dating site claims to have 37 million users, which goes by the tagline: “Life is short. Have an affair,” essentially promotes married users to have extramarital relationships.
The Online infidelity site was breached by a hacker group called ‘Impact Team’, who claim to have complete access to the company’s database, which not only includes personal user information, but also financial details and other sensitive information.
The hack has been confirmed by Avid Life Media, Inc., which is the parent group for Ashley Madison, along with two other dating sites Cougar Life and Established Men, who’ve also had their data compromised.
“We apologize for this unprovoked and criminal intrusion into our customers’ information,” said ALM.
As of now, the hacker group has leaked just 40MB of data, which includes credit card details along with sensitive ALM documents. Information security journalist Brian Krebs initially broke the news of the hack, while the company claims the hacked material to be genuine and is currently trying to remove the leaked information. Though, the Impact Team says this is just the beginning as it attached a memo with the leaked data threatening to release further information and are demanding the closure of Ashley Madison and Established Men.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online,” reads the hacker group’s statement.
Impact Team alleges that the site charges users a fee of $24 if they want to carry out a ‘full delete’ of their profiles in case they wish to leave the site. Users do have the option to permanently hide their profile free-of-cost, though the company’s advertisement claims that a ‘full delete’ service is the only way for users to get rid of their profile information completely off the system servers.
ALM now claims that it has identified the culprit behind the attack, which might be an inside job.
“We’re on the doorstep of confirming who we believe is the culprit, and unfortunately that may have triggered this mass publication. I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services,” said the company’s chief executive, Noel Biderman.
The recent attack on Ashley Madison is yet another breach on online dating sites, who off-late have been facing the brunt of criticism for their lack of initiative towards preserving personal user records. Back in May, online dating site Adult Friend Finder was hacked where personal user information and sexual preferences of over 3.9 million members were allegedly compromised.