Ashley Madison, the online website for extramarital affairs, has been hacked, the CEO of its parent company, Avid Life Media, has confirmed.
The news was first reported by security researcher Brain Krebs. A hacking group called The Impact Team is claiming to be behind the breach–and threatened to expose more information unless Ashley Madison and Established Men, another ALM site, are taken offline completely.
“We’re not denying this happened,” said ALM CEO Noel Biderman to Krebs on Security. Biderman called the hack a criminal attack.
The hackers are threatening to post the users’ information, which could affect up to 37 million–and the site’s owners. The Impact Team is threatening to release users’ “customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” according to Krebs on Security.
It’s unclear so far how much of users’ data has been taken, but it appears only a small number of users’ data has been posted so far, according to
The Impact Team is signalling out Ashley Madison and Established Men due to what they call the “complete lie” of the Full Delete option, which offers to scrub your payment for a $19 fee. The Impact Team said in a manifesto that the fee does not work since “users always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
But don’t think the Impact Team is doing this out of sympathy for the men who use the site. “They’re cheating dirtbags and deserve no such discretion,” the manifesto read.
In a statement, ALM apologized for the attack and said they have been able to secure their site.