Massive caches of data stolen from the online affair site, AshleyMadison.com, has been leaked online by an individual or group of hackers claiming to have completely compromised the company’s database, financial records among other proprietary information. The leak is still fresh but could be extremely damaging as some 37 million users have used the online cheating site with the slogan that touts “Life is short. Have an affair.”
The data leaked online by the hacker/s, who run under the online group name The Impact Team, contains extremely sensitive internal data stolen from the Avid Life Media (ALM) company. Toronto-based ALM is the firm that owns and operates AshleyMadison, among other social network and dating style sites including Cougar Life and Established Men.
Avid Life Media CEO, Noel Biderman, confirmed late Sunday night that the company has been hacked, and said they are “working diligently and feverishly” to remove ALM’s intellectual property from the internet, KrebsonSecurity reported.
“We’re not denying this happened.” Biderman affirmed. “Like us or not, this is still a criminal act.”
According to those who have combed through the trove of data leaked from ALM’s trio of companies, hackers were also able to steal and leak maps of internal company servers, employee network account information, company bank account data and salary information.
The AshleyMadison hack comes just two months after hackers broke into AdultFriendFinder, another online hookup-style site. The AdultFriendFinder hack puts millions of personal and sexual secrets at risk, even with the risk of blackmail as emails were attached to sensitive account information.
Alongside leaking ALM data, The Impact Team decided to go ahead and publish information in response to alleged lies the company has told its customers, specifically in regards to the the advertised service that the company will completely erase users profile for a fee of $19.
According to hackers, Ashley Madison’s “full delete” feature advertised by the company which promises the “removal of site usage history and personally identifiable information from the site,” is false, and that users who paid the fee didn’t have their real name, addresses or personally identifiable information scrubbed from the database.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” The Impact Team wrote in their initial leak. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
The Impact Team Demands Continue…
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online,” hackers threatened.
It is unclear how much of the stolen AshleyMadison data has been published online or the true scope of the hackers breach. However, at the moment it seems hackers have leaked a small portion of AshleyMadison’s user account data and may plan to sell or leak it at a later date, as hackers threatened if the company keeps the site online.
“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” hackers continued to write. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
Biderman declined to comment on specifics of the company’s internal investigation, but said it was ongoing and fast-paced. Though Biderman did suggest that the AshleyMadison hack may have been the work on someone who, at one time, had legitimate access to the company’s networks or internal hardware. This could include past, current or former employees as well as contractors.
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said speaking on the possible suspect. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
Numerous of the internal documents released by hackers indicate that ALM was aware of the risk and severity of a data breach. ALM’s Chief Technology Officer (CTO) put down his worst fear was “security,” explaining “I would hate to see our systems hacked and/or the leak of personal information.”
In wake of the AdultFriendFinder breach, many questioned if AshleyMadison was next on the list, and that inevitable time has come.
ALM confirmed the investigation is ongoing and denied to comment on the scope of the breach. Millions of personal and sexual secrets are at risk in the AshleyMadison hack, leaving victims suspect to blackmail and extortion.