TORONTO — Infidelity hookup website AshleyMadison.com has been breached by a team of hackers threatening to leak the names and details of all of its 37 million users if the operators don’t shut it down.
According to reports, the “The Impact Team” of hackers have a beef with the site’s $19 “Full Delete” service, calling it a lie, and claiming that it doesn’t wipe user’s profiles clean but instead leaves behind sensitive credit card information.
"Full Delete netted [Avid Life Media - ALF] $1.7 million in revenue in 2014. It's also a complete lie," the hackers said in a manifesto published by security blog KrebsOnSecurity. "Users almost always pay with credit card; their purchase details are not removed as promised, and include real names and address, which is of course the most important information the users want removed."
The hackers posted a sample of the poached data along with a statement that said it would release the names, addresses and sexual fantasies of the site’s members if ALF doesn’t close the site. ALF also runs Cougar Life, Established Men, gay and BBW dating sites, and more.
"We were recently made aware of an attempt by an unauthorized party to gain access to our systems," ALM said in a statement, adding that while it had tight security in place the systems "have unfortunately not prevented this attack."
ALM chief executive Noel Biderman told Krebs that the company was working hard to remove the data.
"At this time, we have been able to secure our sites, and close the unauthorized access points," the company said. "We are working with law enforcement agencies, which are investigating this criminal act."
The company later said it has hired "one of the world's top IT security teams" to work on the breach, and had successfully removed all posts by the hackers that contained the sensitive user information.