A group of hackers has come forward with claims that they were able to hack into adultery website AshleyMadison.com, which is owned by Avid Media, a company that also owns hookup sites CougarLife.com and EstablishedMen.com. Ashley Madison is an online dating service that caters to married individuals who are looking to engage in extramarital affairs.
A hacker group called the Impact team is threatening to leak the confidential and personal information of the site’s 37 million users to the public. To back up their claims, the hackers have already posted packets of data online that contain the bank account and salary information of some of Avid Life Media’s employees.
The hack poses a considerable business risk for the Toronto based company. A spokesperson for Avid Media claims that they were able to address the security breach and close off the unauthorized access points that the hackers used through the help of “one of the world’s top IT security teams.” The company also claims that all “Personally Identifiable Information” was deleted from their system in the wake of the hacking incident and is presently working with law enforcement agencies that are now conducting an investigation to look into the matter further.
The Impact Team is threatening to release every piece of data that they’ve gathered on Ashley Madison’s 37 million subscribers during the hack, including details of each user’s secret sexual fantasies, real names, residential addresses and credit card transactions. They are also threatening to expose Avid Life Media’s confidential emails and employee information if they do not remove Ashley Madison and Established Men from the web permanently.
The hack itself originated from the websites “full delete feature,” which supposedly allowed users to completely erase their profiles from the site for a $19 fee. The hackers claim that this feature does not completely delete a users footprint through the site and that the company retains all of this information since database information often ends up in several locations, including test databases, backup databases and even marketing databases.
Robert Beggs, a Technical Manager at PriceWaterHouseCooopers, stated, ”It’s reasonable to expect that any profile information on a site like Ashley Madison would be removed, but a user’s credit card information legally has to be kept on file for up to seven years, which can be linked to a person’s name.”
Avid Media discounts the claim that the full delete feature doesn’t work as advertised. It is now being offered to site users for free, although it’s unknown at this time for how long.
In their manifesto published by Krebs on Security, the Impact Team claimed that “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
This is not the first time an adult website has been the victim of a hacking. Back in May, AdultFriendFinder.com was targeted, and the information of approximately 3.5 million accounts was leaked online. Continue reading