A site dedicated to cultivating extramarital affairs has just been hacked along with the threat to reveal the identity of over 37 million users. Avid Life Media, the company behind Ashley Madison and Established Men, has been instructed to take the two sites offline permanently in all forms. For a site whose slogan is “Life is short. Have an affair,” this is causing quite the scare. The hackers are ready and waiting to take action, which could result in airing the dirty laundry of millions of users.
Avid Life Media Chief Executive Noel Biderman confirmed the hack to KrebsOnSecurity late Sunday evening along with a statement promising that the company was working “diligently and feverishly" to take down the company’s intellectual property. The hackers had apparently sampled at random grabbing information from some 40 million users across three of the company’s properties: Ashley Madison, Established Men and Cougar Life. The hackers also leaked maps of internal company servers, employee network account information, company salary information and bank account data. But their manifesto is even more detailed in their demands. They not only threaten to release customer records including their secret sexual fantasies and matching credit card transactions, along with real names and addresses, but they also call out the company for their lack of secrecy:
Too bad for those men, they’re cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.
It’s still unclear how much of the Ashley Madison user account data that the hackers obtained. As of now, it appears they have published a relatively small percentage of user account data, and plan to publish more for each day the company stays online. Ashley Madison is the internet’s #1 cheating website, for people married or in a relationship who want to have an affair. The other threatened site, Established Men is a prostitution/human trafficking site for rich men to pay for sex. The hackers claim the other sites that ALM owns such as Cougar Life, Man Crunch, Swappernet and The Big and the Beautiful do not need to go offline.
ALM’s Noel Biderman declined to discuss any specifics into the company’s investigation, but he did note that it was ongoing and fast-moving. There was suggestion that the incident could be the work of someone who had inside access to the company’s networks at some point, potentially a former employee or contractor. Biderman said:
We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication. I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.
Proof to support this theory comes in the manifest as well, where the hackers actually single out and apologize to the Director of Security, Mark Steele stating, “You did everything you could, but nothing you could have done could have stopped this.” Sounds like a line straight from an episode of HBO’s Silicon Valley.
We’ll see what becomes of this scandal, but for now, Ashley Madison is tirelessly working to keep their users private. For all the cheaters out there though, your time in the dark may be up.