Extramarital affairs website Ashley Madison has become the latest victim of a high-profile cyberattack.
Ashley Madison, ran by Avid Media, is a website for those seeking a relationship or sexual experience -- with or without another half. Touting the slogan "Life is short. Have an affair," the website caters for men and women who are looking for "discreet encounters."
Ashley Madison claims there are over 37 million members signed up for the service in over 40 countries. Avid Media CEO Noel Biderman launched the website in 2011, and it is now worth over $160 million.
"Strip clubs, massage parlors and prostitution have all traditionally catered to men's desires to cheat," says Biderman. "Up until the creation of AshleyMadison.com, there wasn't really a place where women could go to pursue their desires to have an affair. Now that there is, it's clear that women aren't the more faithful sex -- they just hadn't been offered the same opportunities to cheat in the past."
Ashley Madison might claim 100 percent discretion, but a security breach over the weekend has threatened to expose the website's members. As first reported by security expert Brian Krebs, data belonging to the extramarital affairs finder was posted online by a hacker -- or hacking group -- dubbed The Impact Team.
In an email sent out last year, Ashley Madison called itself "the last truly secure space on the Internet." Despite such assurances and taking "every possible measure" to secure user data, the hackers reportedly managed to steal databases, network information and potentially both user and financial data. A small sample of the stolen cache was posted online, and the threat of exposing the site's users still looms.
In a manifesto posted alongside snippets of stolen data, The Impact Team said the cyberattack took place in response to Ashley Madison's profile erasure system. If a customer pays $19, they are able to completely remove their account details and, therefore, cover their tracks.
However, the hacking group says the full delete is a lie.
"Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie," the hackers wrote. "Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed."
Not to appear to support extramarital affairs, the manifesto continued:
"Too bad for those men, they're cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn't deliver. We've got the complete set of profiles in our DB dumps, and we'll release them soon if Ashley Madison stays online.
And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people."
The hackers say that for every day the websites are online, user details will be released. On Monday, Toronto-based Avid Media admitted in a statement the website was attacked by an "unauthorized party," and the firm is currently working with forensics specialists to discover how the data breach took place. The firm said:
"We apologize for this unprovoked and criminal intrusion into our customers' information. The current business world has proven to be one in which no company's online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies."
At the time of writing, Avid Media has closed off the access points used by the infiltrators and have reported the incident to law enforcement. The company said "any and all parties responsible for this act of cyberterrorism will be held responsible," although that's likely to be of little comfort to Ashley Madison users.
Read on: Top picks
- How to access Wi-Fi anonymously from miles away
- How to take over the accounts of UK politicians using public Wi-Fi hacks
- Severe iOS bug prompts iCloud password theft
- Hacking Team: We won't 'shrivel up and go away' after cyberattack
- Army exoskeletons train soldiers to shoot
- Hackers control medical pumps to administer fatal doses