They say cheaters never prosper, and this just might be the proof.
Avid Life Media (ALM), the company that owns AshleyMadison.com, a dating site for married people trying to have extramarital affairs, has been hacked. Now, 37 million users are at risk of not only having personal account information exposed, but also information on the site such as users' profiles and sexual preferences and fantasies.
The group responsible for the hack is called "The Impact Team" and it completed the hack in response to privacy issues within AshleyMadison.com. The site offers a service called "Full Delete" that scrubs all profile information for $19, but The Impact Team is calling its bluff.
It turns out that users' purchase details, including real names and addresses, aren't really deleted at all. The Impact Team posted that while Full Delete made $1.77 million in revenue for ALM in 2014, it's a service that doesn't actually do anything. The group pointed out that most users pay with credit cards and that their credit card information - including real names and addresses - isn't removed as guaranteed.
The Impact Team posted a lengthy list of demands online and wants AshleyMadison, along with similar sites owned by ALM, Cougar Life and Established Men, taken down. Otherwise, the group will release "all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails." The group will be doing this each day that the sites remain online.
Here's an excerpt from the Impact Team's manifesto posted online, to show you how serious they are:
“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
And, here's a screenshot snippet of the Team's message to ALM, as taken by Brian Krebs:
If that's not threatening enough, according to security researcher Brian Krebs, The Impact Team has already leaked "maps of internal company servers, employee network account information, company bank account data and salary information."
ALM Chief Executive Noel Biderman has confirmed the hack and told Krebs, "Like us or not, this is still a criminal act.”
Biderman also hinted that the person responsible may have worked from the inside, telling Krebs, "It was definitely a person here that was not an employee but certainly had touched our technical services,” which was also evidenced by an apology in the manifesto from The Impact Team to ALM's director of security, Mark Steele.
“Our one apology is to Mark Steele (Director of Security),” the manifesto reads. “You did everything you could, but nothing you could have done could have stopped this.”
Want to know more? Here's the official statement from Avid Life Media.
Unfortunately, this isn't the first hack of its kind. Just a few months ago, a similar site with questionable content, AdultFriendFinder, was hacked and information on 3.9 million of its 63 million users has been posted to the Dark Web.