Hackers Grab 37 Million Profiles From Cheating Site Ashley Madison

A hacker or group of hackers going by the name The Impact Team has broken into systems belonging to Avid Life Media, the company that owns websites Ashley Madison, Cougar Life and Established Men. They are threatening to leak sensitive information from more than 37 million AshleyMadison.com users if ALM does not take Ashley Madison and Established Men offline permanently.

According to KrebsOnSecurity, the hackers’ ire was not sparked by the moral fuckery of the websites themselves, but rather by an allegedly flawed service that purports to completely wipe the profiles of users leaving the site for a $20 fee. The hackers wrote:

“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.

Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”

KrebsOnSecurity reports that the hackers have already released a small percentage of user data, and appear to be publishing more for each day the websites remain live. “Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the message continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

A statement from Avid Life Media released a statement apologizing “for this unprovoked and criminal intrusion into our customers’ information.” They continued: “At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber–terrorism will be held responsible.”