Online Adultery Site Ashley Madison HackedJul 22, 2015
Ashley Madison, an online dating service for people who want to cheat on their spouses, said the site had been breached by hackers who may have obtained personal data about the service's millions of members.
The group behind the attack, which goes by the name Impact Team, said they had stolen information on Ashley Madison's 37 million members. Impact Team said it will release the data if the site is not shut down, the New York Times reports.
The site has long told users that they can scrub their profiles from the site for $19. But the hackers say that the user information is never actually deleted. Security experts said this suggests the breach may have involved someone inside the company. The hackers have leaked some information online already, but that data did not appear to be the bulk of what was collected. Avid Life Media, the corporate parent of Ashley Madison, said on Monday that it had adjusted its policy for deleting user data but the company did not indicate any plans to shut down the site. The company has launched an investigation, "utilizing leading forensics experts and other security professionals to determine the origin, nature and scope of this incident," according to the Times.
Since 2001, Ashley Madison has grown to 37 million accounts, the web site advertises. Anyone 18 or older can join the site for free, using a pseudonym. Only when users start chatting and trading photos do they begin paying fees, the Times reports. Any dating web site can be used for cheating, but Ashley Madison explicitly advertises cheating as a goal, with the slogan, "Life is Short. Have an Affair." That slogan has cost Ashley Madison possibly lucrative deals. Professional football and soccer teams have turned down Ashley Madison sponsorship offers and NBC and Fox rejected Super Bowl ads from Ashley Madison.
Ashley Madison said when members pay $19 for the "full delete" service, all information is erased, but the Impact Team said this does not happen. Avid Life Media promises to erase not only the user's profile but also all associated data. Personal information exposed in the breach includes customers' email addresses, usernames, passwords, birthdays and zip codes, along with their sexual preferences, CNN reports.
The Impact Team claims Avid Life Media saw $1.7 million in revenue from the service in 2014, according Brian Krebs, a reporter who published statements from the Impact Team on his blog, KrebsOnSecurity. "Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address[es], which is of course the most important information the users want removed." On Monday, Avid Life Media announced that the delete service would be made free for all members.
Noel Biderman, chief executive of Avid Life Media, described the breach as a "criminal act," and told Krebs that the hacker(s) "certainly had touched our technical services," according to the Times. In his blog KrebsOnSecurity, Krebs writes, "It's unclear how much of the AshleyMadison user account data has been posted online. For now, it appears the hackers have published a relatively small percentage of AshleyMadison user account data and are planning to publish more for each day the company stays online."