Ashley Madison hack could expose 37 million 'cheating dirtbags'

Hackers are demanding that the popular adultery website Ashley Madison is shut down... or they will release a database containing details of its 37 million users, information about employees and salary and bank account information.

In other words, if you have ever signed up for the Ashley Madison website, there is a chance that your name, address, and sexual peccadillos may now be in the hands of hackers - and might soon be made public.

The hackers, however, have no sympathy for the people who might be exposed by the theft of the database: "Too bad for those men. They're cheating dirtbags and deserve no such discretion."

The news of the hack, confirmed in a press release issued on the wires earlier today, was first broken by security blogger Brian Krebs, who found portions of the stolen data posted on the internet by a group calling itself The Impact Team.

We are the Impact Team.

We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails

Shutting down AM and EM will cost you, but non-compliance will cost you more: We will release all customer records, profiles with all the customers' secret sexual fantasies, nude pictures and conversations and matching credit card transactions, real names and addresses, and employee documents and emails. Avid Life Media will be liable for fraud and extreme harm to millions of users.

Avid Life Media runs Ashley Madison, the internet's #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating.

Trevor, ALM's CTO once said "Protection of personal information" was his biggest "critical success factors" and "I would hate to see our systems hacked and/or the leak of personal information"

Well Trevor, welcome to your worst fucking nightmare.

Further messages posted by the hackers suggest that the attack was inspired by outrage at claims the company was charging a fee for account deletion.

Avid Life Media's CEO Noel Biderman told Brian Krebs that it was possible a former employee or contractor might have been responsible for the hack, abusing access to the company's systems which should have been revoked when their work for the company finished:

"We're on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication," Biderman said. "I've got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services."

To be frank, whether it was a remote hacker or a rogue contractor is going to be little comfort for those who might be about to have their membership of the Ashley Madison website exposed.

News of the attack compromising the Ashley Madison site comes just two months after rival site Adult Friend Finder was hacked, and its user database made available for download.

Whatever you might think of sites like Ashley Madison and Adult Friend Finder, and the morals of their users, I am far from convinced that they deserve to be hacked. It is clear that revealing the personal information of millions of site users could lead to further harm and criminal acts.

Avid Life Media, the owners of the Ashley Madison website and other sites of a similar nature such as Cougar Life and Established Men, said in its press release that it was working with law enforcement to investigate the breach, and offered an apology to users:

We were recently made aware of an attempt by an unauthorized party to gain access to our systems. We immediately launched a thorough investigation utilizing leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident.

We apologize for this unprovoked and criminal intrusion into our customers' information. The current business world has proven to be one in which no company's online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.

We have always had the confidentiality of our customers' information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.

Well, if the company really wants to apologise to its users it might be a good idea to do it someplace where the users might see it.

The official announcement that a data breach has occurred hasn't yet reached the press release section of the Ashley Madison website, nor is any warning displayed on the Ashley Madison homepage.

Maybe Ashley Madison is warning users of the potential risk if they log into the site.

I can't confirm if that's the case or not as (fortunately) I'm not a user of their "Life Is Short. Have An Affair" service. Frankly, I'd rather not create a test account just in case Mrs Cluley ever checks out my internet history...

News of the hack attack doesn't come at a good time for Avid Life Media, which has reportedly been planning to float on the stock exchange.

A hack like this will hardly boost the confidence of those in the city considering betting on the company's financial future.

8 Responses

  1. Anonymous

    July 20, 2015 at 10:32 am #

    >They're cheating dirtbags

    Interesting choice of language. I wonder if the hacker(s) are female? Hard to have much sympathy for the members of this site though.

    • Graham Cluley in reply to Anonymous.

      July 20, 2015 at 10:37 am #

      Who can say? Hell hath no fury like a woman scorned…

      There have been claims made in the past that the website creates fake profiles of sexy females to boost sign-ups from guys.

      http://www.thestar.com/news/canada/2014/03/23/adultery_website_ashley_madison_countersues_exemployee_who_claims_she_wrote_fake_profiles.html

      • Anonymous in reply to Graham Cluley.

        July 20, 2015 at 12:20 pm #

        What! Next thing you'll be telling me, Graham, is there aren't really hot single girls looking to hook up in my local area!

  2. Anonymous

    July 20, 2015 at 12:56 pm #

    What? There AREN'T???

  3. peta

    July 20, 2015 at 10:14 pm #

    Mary Whitehouse was right. It was a downward moral spiral from the 1960s that has allowed this corruption of wedding vows to proliferate. Don't get married in the first place. Nobody makes you. Cheating destroys lives.

  4. Coyote

    July 21, 2015 at 10:20 pm #

    'We were recently made aware of an attempt by an unauthorized party to gain access to our systems.'

    Attempt? It seems to me this wasn't an attempt. Maybe they mean attempt in that if 'bad' can be 'good' (in the mind of silly people…) then 'attempt' can be 'successful' ? Or maybe they're hoping to hide their blunder about (failing) covering up what their service allows? If they cover up that they failed to cover up, are they successful?

  5. Jackie

    August 20, 2015 at 1:29 pm #

    No they aren't warning users as they sign on.

    It's important to remember that not all users on that site are cheating, yet their information has been released also.

  6. Lp1981

    October 1, 2015 at 8:27 pm #

    So, am I a dirt bag for signing up to this site to confirm my now ex-girlfriend was using this site? Same woman has been far too much trouble from the get go, and now I get to deal with e-mails about revealing me… Even now that she is gone, she is still a pain in my ass.
