Adultery website hackers threaten to ‘name and shame’ users

Adultery dating site Ashley Madison, whose advertising slogan is “Life is short. Have an affair”, has been infiltrated by hackers who aim to embarrass the firm and its users by releasing confidential data.

A hacking group that calls itself “The Impact Team” claimed it had complete access to a database contianing information on more than 37million members of the North American site, as well as financial records and other personal information.

Too bad for those men, they’re cheating dirtbags
Impact Team hackers

The hackers also claimed to have infiltrated two other sites owned by Avid Life Media (ALM): Cougar Life, which offers link-ups between older women with younger men, and Established Men, which it says “connects ambitious and attractive young women with successful and generous benefactors to fulfill their lifestyle needs”.

‘Complete lie’

The Impact Team demanded the shutdown of Ashley Madison and Established Men, otherwise it would release nude user pictures and data “including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails”.

Channel 4 News has discovered a web page which we understand contains the hacker’s warning to ALM.

It included an example of an American user’s details – which we are not showing – including his name, an email address, home address, the kind of sex he enjoys, and says he is a “good communicator” with “average sex drive”.

Read more: Adult dating site hack exposes millions of users

The hack comes just two months after the leak of highly confidential data from the AdultFriendFinder dating website, exposed by Channel 4 News.

A significant percentage of the population is about to have a very bad day
Impact Team hackers

The hackers’ main issue with Ashley Madison appears to be a leavers’ fee that Ashley Madison charges users. The site offers a “full delete” of data for $15 should a user choose to leave the service permanently.

The Impact Team has said the offer is a “complete lie”, and claims that details such as real name and address are never deleted – information the hackers suggest is likely to be “the most important” that users would want removed.

‘Too bad’

ALM confirmed its systems had been compromised, saying it had been able “to secure our sites, and close the unauthorised access points”.

We apologise for this unprovoked and criminal intrusion
Website owner

ALM’s Chief Executive Noel Biderman reportedly told the Krebson Security website “we’re not denying this happened”, adding: “Like us or not, this is still a criminal act.”

The company later said it had “successfully removed the all posts related to this incident as well as all personally identifiable information about our users published online”.

On its threat to publish user data, the hacking group said in a long statement posted online: “Too bad for those men, they’re cheating dirtbags and deserve no such discretion.”

“Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB [database] dumps, and we’ll release them soon if Ashley Madison stays online.

“And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

ALM said in a statement: “We apologise for this unprovoked and criminal intrusion into our customers’ information.

Our team has now successfully removed all posts related to this incident
Website owner

“The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.”

ALM later added: “Following the earlier unprovoked and criminal intrusion into our system, Avid Life Media immediately engaged one of the world’s top IT security teams to take every possible step toward mitigating the attack.

“Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the all posts related to this incident as well as all personally identifiable information about our users published online.

“We have always had the confidentiality of our customers’ information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter.

“Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident and we will continue to provide updates as they become available.”