The popular online cheating site Ashley Madison has been hacked, and a big amounts of data was stolen by hackers who posted part of this information online as proof of the attack.
The hackers affirm that they have completely compromised the Ashley Madison company and have the users’data, including financial records, and many other personal information.
It has been estimated that around 37 million users are in risk of seeing their affairs and fantasy exposed to the public, if all the information owned by hackers is leaked.
Until the moment the only data released, was uploaded by a hacker (or hackers) calling itself “The Impact Team,” the archive includes internal the data stolen from Avid Life Media (ALM), which is the company that owns the Ashley Madison, and other similar sites like Cougar Life and Established Men.
The popular investigator KrebsOnSecurity reached Noel Biderman, the ALM Chief Executive, for a comment and he confirmed that the company systems were hacked. Biderman added that the company is “working diligently and feverishly” to take down ALM’s intellectual property. KrebsOnSecurity verified that many of the links published by the Impact Team were no more working.
“We’re not denying this happened,” “Like us or not, this is still a criminal act.”said Biderman.
Due to an ongoing investigation, Biderman hasn’t provided further details, the man pointed out someone who once upon a time had access to the company’s network, like a former employee or a contractor:
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,”, “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
The hackers compromised not only users of the Ashley Madison website, they leaked maps of ALM’s servers, employee account information, salary details, company banks, all the type of information that can compromise the company business.
In May AdultFriendFinder, another dating website, has been breached by hackers that leaked data online.
The Impact Team released a manifesto online, referring about the stolen ALM data and arguing that ALM was lying to their customers because ALM told them there was a service that allowed members to erase their profile info for a fee ($19).
Hackers said that the profile’s “full delete”, in which is offered “removal of site usage history and personally identifiable information from the site,” it isn’t true and nothing is deleted.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
But the hackers have a demand that want to see fulfill:
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”
For what is known until the moment, the Impact Team only release a small percentage of the data they stole, but it’s possible that they will be release the entire archive if their requests are not fulfilled, meaning that Ashley Madison needs to shut down.
Impact Team added in their statement:
“Too bad for those men, they’re cheating dirt bags and deserve no such discretion,” “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
The circumstance suggests that hackers have a deep knowledge of the company, he also left a message to the directory of Security Mark Steele:
“Our one apology is to Mark Steele (Director of Security),” “You did everything you could, but nothing you could have done could have stopped this.”
About the Author Elsio Pinto
(Security Affairs – Ashley Madison, cybercrime)