A hacking group is threatening to reveal the personal details of up to 37 million users of AshleyMadison, the infidelity-focused matchmaking site, unless their demands are met. A group of hackers calling themselves The Impact Team has claimed responsibility for the attack, along with posting a small sample of data (since taken down) stolen from Avid Life Media, the company that owns AshleyMadison, Cougar Life and Established Men.
The Impact Team posted a manifesto alongside the stolen data, which said it had released AshleyMadison information in retaliation for the company's 'Full Delete' service that promised to entirely remove member profiles for $19. The group claims that the feature didn't actually wipe profiles as advertised and that it brought ALM $1.7 million in revenue last year.
"Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed," the hackers claim. They are now demanding that ALM takes AshleyMadison and Established Men permanently offline.
Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online. [...] Too bad for those men, they're cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn't deliver. [...] And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.
ALM Chief Executive Noel Biderman confirmed the hack and condemned the "criminal act". He suggested the breach was the work of someone who had access to ALM's internal networks. "We're on the doorstep of [confirming] who we believe is the culprit," he said. "It was definitely a person here that was not an employee but certainly had touched our technical services."
In May, a similar attack took place on online dating service Adult FriendFinder. An investigation by England's Channel 4 news revealed that the highly sensitive sexual information of almost four million users was being traded on the dark web.