Ashley Madison Hackers Reportedly Release Stolen Data

Ashley Madison Hackers Reportedly Release Stolen Data
Stephen Yagielowicz

LOS ANGELES — With a tagline of “Life is short. Have an affair,” adult lifestyle site Ashley Madison’s home page boasts “over 38,920,000 anonymous members” — but if some recent reports are accurate, those many millions of members are no longer anonymous...

A criminal hacking group calling itself “Impact Team,” has claimed responsibility for the data theft and has now released around 10-gigabytes of data which appears to contain the email addresses, credit card details and profile information of Ashley Madison’s once anonymous members.

The data release occurred after Ashley Madison’s parent company, Avid Life Media, refused to comply with Impact Team’s demand for the site’s closure, and was accompanied by the following statement:

“Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.

Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison [sic] fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.

Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”

For its part, Dark Web site Quantum Magazine, which carried the Impact Team statement and linked to the torrent where the stolen credit card data and personal information is available, advised its readers to “please use this data responsibly,” so that’s reassuring...

Despite the uproar, Ashley Madison continues to promote its anonymity and security, with home page statements claiming that it is “the world’s leading married dating service for discreet encounters,” and boasting “100% Discreet Service,” from its SSL Secure Site, which displays a “Trusted Security Award.”

An Ashley Madison spokesperson notes that after the company was made aware of the attack on its systems, it immediately launched a full investigation utilizing independent forensic experts and other security professionals to assist with determining the origin, nature, and scope of this attack.

“Our investigation is still ongoing and we are simultaneously cooperating fully with law enforcement investigations, including by the Royal Canadian Mounted Police, the Ontario Provincial Police, the Toronto Police Services and the U.S. Federal Bureau of Investigation,” the spokesperson stated, adding that the company is actively monitoring this situation while endeavoring to remove any information that is unlawfully released to the public.

“This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of, as well as any freethinking people who choose to engage in fully lawful online activities,” the spokesperson explained. “The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society. We will not sit idly by and allow these thieves to force their personal ideology on citizens around the world. We are continuing to fully cooperate with law enforcement to seek to hold the guilty parties accountable to the strictest measures of the law.”

To underscore the severity of the situation, security researchers have reportedly verified that the dumped data does indeed contain actual, personally identifiable member and billing information.

Rather than targeting Avid Life for prosecution and the claiming of damages, however, all users of online services should hope that Impact Team’s act of terrorism is treated as the violation of U.S. Federal law that it is — and that the FBI will respond appropriately to this latest mass breaching of consumer data.

For the broader online adult entertainment industry, the Ashley Madison hack and subsequent release of user data does not bode well for future membership sales — as consumer fears over being victimized by these high-profile disclosures instills one more hurdle in the sales funnel for marketers to overcome.