Online cheaters exposed after hackers access AshleyMadison hookup site

The Washington Post
July 21, 2015 16:12 MYT
Data stolen by hackers from AshleyMadison.com has been posted online.
The secret's out. Maybe lots of secrets. Data stolen by hackers from AshleyMadison.com, the online cheating site that claims 37 million users, has been posted online, according to Krebs on Security, the authoritative Web site that monitors hacking across the globe.
The breach was confirmed in a statement from Avid Life Media Inc., which owns AshleyMadison. "We apologize for this unprovoked and criminal intrusion into our customers' information."
AshleyMadison's slogan is "Life is short. Have an affair."
It's an unusual and apparently very popular dating website for those seeking extramarital relations. It gains attention by, among other things, wrapping itself in a social science mantle and publishing data about the frequency and location of cheaters across America, for anyone who happens to be interested, without, of course, mentioning any names.
Krebs on Security reported that the hackers, who identify as "The Impact Team," got a hold of "sensitive internal data" not only for AshleyMadison but also for other hookup sites owned by the company, Cougar Life, which appeals to "single moms and sexy singles looking for a young Stud," and Established Men, which promises to connect "young, beautiful women with successful men."
According to Brian Krebs, from Krebs on Security:
In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.
Krebs reported that "The Impact Team" is threatening to expose all customer records unless Avid Life Media takes AshleyMadison and Established Men offline "permanently in all forms."
But it wasn't clear how much data had been posted online, Krebs said. And it was impossible to actually find "The Impact Team's" revelations on the Internet early Monday morning, just hours after Krebs broke the story.
Noel Biderman, Avid Life Media CEO, confirmed the hack to Krebs on Security as well as in a statement, but declined to discuss the company's "ongoing and fast-moving" investigation. Biderman told Krebs on Security that it was likely "not an employee but certainly" someone who "had touched our technical services."
"We're not denying this happened," Biderman said to Krebs on Security. "Like us or not, this is still a criminal act."
CNN reported on a similar data breach two months ago in which intruders stole and leaked online user data on millions of accounts from hookup site AdultFriendFinder.
Although it is unknown how much user account data from AshleyMadison is online, Krebs on Security reports that it appears to be a small amount that will increase by each day the company remains online.
AshleyMadison claims to be the world's second-largest paid-for Internet dating site after Match.com, Bloomberg reports.
Fusion reports that tech blogger Robert Scoble posted an email from AshleyMadison's public relations team last year that ironically claimed the site was "the last truly secure space on the Internet."
Which is apparently not the case.
"Too bad for those men, they're cheating dirtbags and deserve no such discretion," the hackers wrote.
"We have always had the confidentiality of our customers' information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world," Avid Life Media said in its statement. "As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.
"At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber-terrorism will be held responsible."
In a second statement emailed Monday morning to The Washington Post, Avid Life Media said it was working to gain control of the situation.
"Following the earlier unprovoked and criminal intrusion into our system, Avid Life Media immediately engaged one of the world's top IT security teams — with whom we have worked in the past — to take every possible step toward mitigating the attack.
"Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online. We have always had the confidentiality of our customers' information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter."
#AshleyMadison.com #cyber terrorism #hacking
;