Ashley Madison attack: Hackers threaten to expose 37.5m cheaters who use adultery site
Published 20/07/2015 | 12:50
Ashley Madison, the website for people seeking extramarital affairs, has suffered a major cyber attack, with hackers threatening to expose the names of adulterers unless the site is taken offline.
The controversial online dating company, which has 37.5m users – including 40,000 from Ireland – carries the tagline: “Life Is Short. Have An Affair”. The service is founded on confidentiality and privacy, claiming to be a "100pc discreet service" and boasting a "Trusted Security Award" on its homepage.
The hackers, going by the name “The Impact Team”, posted a small sample of sensitive data, along with a statement demanding the takedown of Ashley Madison and Established Men, an online dating site that claims to connect "young, beautiful women with successful men". The data and the statement have since been taken offline.
Avid Life Media, the company that owns Ashley Madison, confirmed the hack and apologised for "this unprovoked and criminal intrusion into our customers' information".
"We have always had the confidentiality of our customers' information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world," the company said in a statement.
"As other companies have experienced, these security measures have unfortunately not prevented this attack to our system."
The Impact Team said it decided to publish the information in response to alleged lies Avid Life Media told its customers about its “full delete” feature, which allows members to completely remove their profile information for a $19 fee.
According to the hackers, although Ashley Madison promises “removal of site usage history and personally identifiable information from the site," credit card details – including real name and billing address – remain online.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms," said The Impact Team in a statement seen by KrebsOnSecurity.
If their demands are not met, the hackers are threatening to "release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails”.
Avid Life Media said it has now removed the all posts related to the hack, as well as all personally identifiable information about its users published online, under the Digital Millennium Copyright Act. It is also working with forensics experts, security professionals and law enforcement agencies to investigate the incident.
"Any and all parties responsible for this act of cyber–terrorism will be held responsible," it said. "We will continue to provide updates as they become available."
Earlier this year, Avid Life Media announced its intention to float Ashley Madison on the London Stock Exchange. The online dating company, which calculates its value at $1bn, aims to raise $200m (£135m) from the initial public offering and will use the proceeds to fund international expansion.
Avid Life Media botched its first attempt at an IPO in 2010 due to a lack of investor appetite. However, Christoph Kraemer, who runs Ashley Madison’s European operations, said that he had higher hopes for a London listing due to Europe’s more relaxed approach toward infidelity.
“It’s been difficult in North America to find the support to go public," Mr Kraemer told Bloomberg in April. “Europe is the only region where we have a real chance of doing an IPO.”
The company generated global revenues of $115m in 2014, an increase of 45pc on the previous year, while membership grew by 35pc.
Avid Life Media does not specify region-specific income, but Mr Kraemer said that the UK is “our most successful European market in terms of revenue” even though the website has more members, 1.3m, in Spain.