Ashley Madison the site that lets people have extramarital affairs, has been hacked by a group who are threatening to reveal the identity of millions of registered users.
Krebs on Security reports that the hackers known as The Impact Team now have access to sensitive data stolen from the Toronto-based firm Avid Life Media (ALM) who own Ashley Madison as well as two other dating sites: Cougar Life and Established Men.
In a statement to ALM, the hackers said that if the company failed to completely shutdown Ashley Madison and Established Men, they would release "customer records, secret sexual fantasies, nude pictures, credit card transactions, real names and addresses as well employee documents and emails."
On Sunday evening, ALM's chief executive Noel Biderman confirmed the hack and told Krebs on Security that it was working “working diligently and feverishly” to make amends.
The Impact Team say they stole the company's data because of their issue with Ashley Madision's "full delete" feature that is supposed to give users the opportunity to wipe their information from the site.
However, according to the hackers, the $19 (£12) service still preserves some client information including name and address.
In a statement, The Impact Team wrote:
"Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie.
“Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
So far, "maps of internal company servers, employee network account information, company bank account data and salary information" has been leaked
The hackers' statement continues:
“Too bad for those men, they’re cheating dirtbags and deserve no such discretion.
“Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
Biderman suggested that The Impact Team may have had help from a former employee. He told Krebs:
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication.
“I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
In a statment, Ashley Madison said:
We apologize for this unprovoked and criminal intrusion into our customers' information. The current business world has proven to be one in which no company's online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.
We have always had the confidentiality of our customers' information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.