An online matchmaking service for married people has been hacked, and data on its 37 million clients are being held hostage.
Krebs on Security broke the news today after talking to the CEO of AshleyMadison.com’s parent company late Sunday.
AshleyMadison.com is “the world’s largest website for married men and women looking to have a discreet affair,” according to Avid Life Media.
The Toronto-based Avid Life Media, or ALM, owns AshleyMadison.com, as well as CougarLife.com and EstablishedMen.com.
ALM publicly acknowledged the data breach in a statement this morning. It says that the company is investigating with “leading forensics experts and other security professionals to determine the origin, nature and scope of this incident.”
Noel Biderman, ALM chief executive, tells Krebs on Security:
“We’re not denying this happened. Like us or not, this is still a criminal act.”
Krebs reports that the hackers call themselves The Impact Team.
The hackers have released “snippets of account data” for some 40 million ALM clients across the parent company’s three services, although Krebs does not specify where.
They also have leaked “maps of internal company servers, employee network account information, company bank account data and salary information.”
The hackers have threatened to publish additional stolen data, Krebs reports:
In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.
According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.
The hackers are threatening to release all customer records unless Avid Life Media takes Ashley Madison and Established Men offline permanently in all forms.
According to Krebs, such information would include:
- Customers’ secret sexual fantasies
- Credit card transactions
- Real names and addresses
- Employee documents and emails
How do you feel about this data breach? Share your thoughts in a comment below or on Facebook.