Infidelity site Ashley Madison hacked

ashleymadisonIf you’ve been conducting an affair online then you might want to look away…

Customer data from infidelity website Ashley Madison has been posted online after an attack on the site’s databases by a group calling itself The Impact Team.

Ashley Madison – whose tagline is “Life is short. Have an affair” – operates in over 50 countries and has 37 million registered users. The Impact Team has so far only published a small amount of the stolen data – including customers’ names, email addresses, credit card transactions and details of sexual fantasies – some of which relates to customers who have paid to have their account and information permanently deleted.

Users of Ashley Madison can request to have all their details removed for free, but a full delete of all their information costs users $19. It seems that this was the motive for the attack, with hackers calling this service a “complete lie”, as they published details of individuals who have paid for this service.

The Impact Team has threatened to “release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails” if the website is not taken offline.

Cyber security expert Brian Krebs reports that, in addition to the leaked customer information, criminal hackers have also published details of “internal company servers, employee network account information, company bank account data and salary information.”

Avid Life Media, which owns Ashley Madison, also reported attacks on two of its other sites, Cougar Life and Established Men.

Avid Life Media said in a statement: “We apologise for this unprovoked and criminal intrusion into our customers’ information. We have been able to secure our sites, and close the unauthorised access points. Any and all parties responsible for this act of cyber-terrorism will be held responsible.”

This is far from the first instance of an adult dating site having its data compromised. We reported in May how Adult FriendFinder was hacked, affecting nearly four million users. In 2012, the Electronic Frontier Foundation conducted research into the security of eight leading dating sites and found that only one, Zoosk, had a level of security adequate enough to protect users’ data.

Protecting individuals’ personal information is a must for all business, whatever industry they operate in. Conversely, individuals must be wary of what information they provide and to whom. In this instance, affected customers could be a little more exposed than they’d expected.