Here's some good news for divorce lawyers, though probably bad news for anyone else involved: this weekend, hackers broke into the adultery-dating website “AshleyMadison” and leaked personal details about some of its clients, including credit card details.
AshleyMadison (registered motto: “Life is short. Have an affair.®”) is owned by Avid Life Media, which owns other hookup sites including “Established Men” and “Cougar Life.”
ALM chief executive Noel Biderman confirmed the hacking to security expert Brian Krebs late Sunday evening, and said the company was “working diligently and feverishly” to take down as much of that information as it could. Biderman also suggested that the hacker might be someone who has or had legitimate access to ALM's servers – in other words, a current or former employee or contractor.
Hackers demand site be taken down
The hacker or hackers behind the breach self-identify as The Impact Team. The team is threatening to release all of the information it stole from AshleyMadison unless the site is taken down. According to its own statements, The Impact Team's main complaint with AshleyMadison isn't that the website promotes or facilitates adultery, but that it allegedly lies to its clients.
Specifically, people with dating profiles on AshleyMadison are also offered the chance to pay $19 for a “full delete” function – basically scrubbing your complete profile and activity history from the site.
But according to the hacker or hackers who comprise The Impact Team, AshleyMadison's “full delete” service is a lie:
Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed. Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online. …
ALM today released a statement saying, in part, that: “We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.”
The statement did not address the question of whether any of the compromised information was supposed to have been deleted after its owner paid the $19 fee.