Ashley Madison hacked, info of 37 million users stolen

Popular online cheating site Ashley Madison has been hacked, and personal information and financial records of 37 million of its users has apparently been compromised by the attackers, who go by the name The Impact Team.

User databases for two other dating sites owned by the same company (Avid Life Media) – Cougar Life and Established Men – have also been accessed and the information in them stolen.

The hackers claim to have also gotten their hands on other sensitive data such as ALM’s financial records, employee network account information, maps of internal company servers, proprietary information, and emails.

Brian Krebs reports that they have already released 40MB of data online, but ALM has been working on taking it offline. “Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online,” the company stated.

The attackers have promised to release more of the stolen information if Ashley Madison and Established Men don’t get shut down by their parent company.

Apparently, the reason for this hack is not that the attackers object to the sites’ users’ activities, but want to punish ALM for offering a “full delete” feature that the company claimed would delete a customer’s account and all traces of it from the Ashley Madison and Established Men sites (if they pay $19), but failed to actually provide this service.

“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed,” the hackers claimed.

It seems they know what they are talking about. According to ALM CEO Noel Biderman, the investigation they mounted with the help of an external IT security firm and law enforcement revealed that the hack was executed by or with the help of an outside contractor of former employee that, at one time, had “touched” the company’s technical services.

“At this time, we have been able to secure our sites, and close the unauthorised access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber-terrorism will be held responsible,” the company stated.

Ashley Madison is not the first dating/cheating website/service to have been hit by hackers. Less than two months ago, dating site Adult FriendFinder also suffered a breach and information of over 3.5 million of its users has leaked online.

Also, in semi-related news, a hacker that goes by ElSurveillance on Twitter has apparently hacked two escort service-related sites, and dumped usernames and passwords online.