When Hackers Expose Cheaters: Ashley Madison Hackers Threaten to Expose User Data
Life is short. Have an affair.
That's the catch phrase that online "cheating network" Ashley Madison has successfully banked on for years. It's also a controversial concept that managed to net over 37 million "anonymous" users—or at least that's what their front page says. For its users, that anonymity part is critical, since the site is a platform designed for married people to hook up with other people, after all.
Things might start to get ugly for a lot of people, because Ashley Madison recently got hacked. Avid Life Media, the company that runs Ashley Madison (along with two other adult hookup sites) has confirmed that their user database has been compromised. The group responsible, calling itself "The Impact Team", has threatened to release the stolen customer information unless their demands are met.
In a world where hacking and data breaches are usually done for monetary gain, information theft, espionage, or activism, the hacker's demands in this case are unique. Unlike the hacker behind the Adult FriendFinder breach last May who did it to blackmail the company for money, The Impact Team apparently have completely different motivations: they want ALM to shut down two sites, Ashley Madison and Established Men, permanently. For what appears to be moral reasons.1
"Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”
It's definitely unconventional, but the threat doesn't appear to be an empty one. Small samples of client data from three of ALM's sites have already been leaked online, along with maps of internal company servers, employee account and salary information, and company bank account data.
Cheating the cheaters? Issues with Ashley Madison's "full delete" service
If The Impact Team's message is to be believed, the site's users weren't the only cheaters here. According to the hackers, the site's "full delete" feature2 is "a complete lie," as it doesn't completely wipe the users' data. While the feature does delete the user's profile, messages, and activities—apparently after going through a confusing process—it might not completely "forget" about the user. The hackers added that "users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed."
This brings to light the similar set of privacy issues that users were exposed to when Adult FriendFinder got hacked a couple of months ago, where a data breach doesn't just affect wallets and online accounts but also real world relationships and reputations. Stakes are a little higher this time around though. Unlike the AFF breach, Ashley Madison's users—or at least most of them—are presumably married.3
According to the official statement from Avid Life Media, the company has secured their sites, closed unauthorized access points, and are currently investigating the incident.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases