Source: Krebs on Security A recent hack at Ashley Madison, an online cheating website, could expose the personal information of 37 million users. According to Brian Krebs, who broke the story on his blog, a group of hackers known as The Impact Team have all ready released some sensitive internal data stolen from Avid Life Media (ALM), a Toronto-based company that owns Ashley Madison as well as other hookup services including Cougar Life and Established Men. This information is approximately 40 MB in size and includes customers' credit card details as well as ALM internal documents. However, The Impact Team's data leak may only be a precursor of what is to come. As part of a post announcing the hack, the group warned:
"Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online."
The Impact Team has ostensibly made this demand in response to Full Delete, a service offered by Ashley Madison that offers users the ability to delete their information from the website's servers for USD $19.00. This service does not function as promised, however, according to the group:
“Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed," writes The Impact Team. “We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
ALM CEO Noel Biderman has confirmed the attack against Ashley Madison and has revealed that his security teams are closing in on the responsible party. It is believed this individual is not an employee but someone who "touched" the company's "technical services." In the meantime, ALM has released a statement in an attempt to reassure its users:
"We have always had the confidentiality of our customers' information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world," ALM explains. "As other companies have experienced, these security measures have unfortunately not prevented this attack to our system. "At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber–terrorism will be held responsible."
This hack follows on the heels of several other attacks against dating/cheating websites, including Cupid Media back in 2013 and Adult Friend Finder more recently. Ashley Madison was the second most popular dating-related website back in April, according to TechWorld, beaten out only by Match.com. The website is planning an initial public offering in London later this year.
