Dating website for affairs Ashley Madison hacked, 37m user details potentially leaked (updated)

20 Jul 2015

CEO of Avid Life Media, Noel Biderman. Image via ALM

A dating website for affairs that has long garnered the attention of people online is now facing the news that the private information of its 37m users could be in danger of being revealed.

The dating website for affairs called Ashley Madison is just one of a conglomerate of three hook-up websites run by a Canadian company called Avid Life Media (ALM), which is now scrambling to ensure that its user’s data – which obviously calls for discretion – will not see it slammed with lawsuits from disgruntled users’ partners.

According to Krebs On Security, the company has confirmed that it has been hacked and that, so far, it has been shown that samples of hacked data include user account information, maps of internal company servers and secret employee information.

However, it is still unclear as to how much information the culprits have managed to obtain, but a named team has come forward to claim responsibility for the attack.

Called the Impact Team, the group are claiming to have acted in the interests of its users as claims made by ALM that it would offer a service of deleting all is users’ account details for CA$19 are supposedly false.

“Full Delete netted CA$1.7m in revenue in 2014. It’s also a complete lie,” the Impact Team said in a statement. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

Rich and powerful people in firing line

The group goes on to demand that Ashley Madison and the other two websites under the ALM group – Cougar Life and Established Men – be shut down permanently.

It is safe to say that, as the statement continues, the group’s sympathy does not lie with the users, however.

“Too bad for those men, they’re cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn’t deliver.

“We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37m members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

According to the company’s CEO Noel Biderman, the source of the Impact Team could have had some form of access to the company, but perhaps not a direct employee.

The site is now back online, but the information is still potentially with the Impact Team for an online data dump if demands are not met.

Update 13:46 20/07/2015

This article has been updated to include a statement made by ALM about the leaking of customer data and that it has now sealed the data breaches.

“At this time, we have been able to secure our sites, and close the unauthorised access points,” the statement reads. “We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyberterrorism will be held responsible.”


Colm Gorey was a senior journalist with Silicon Republic