Adultery website AshleyMadison.com has been hacked, potentially exposing names, addresses, and sexual preferences of millions of would-be cheaters just as the site’s owner was preparing to take the company public.
Avid Life Media Inc., the Toronto company that runs the site with the tagline “Life is short, Have an affair,” said Monday that hackers had gained access to its systems and that it was working with police to investigate the breach.
A group or individual called The Impact Team has claimed responsibility for the attack, and has already leaked maps of company servers, staff information and company bank accounts, according to cyber-security blog Krebs on Security. In a message overlaid on the AshleyMadison homepage, the hackers threatened to publish the stolen information unless the site and its peer EstablishedMen.com are taken offline.
“We will release all customer records, profiles with all the customers’ secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses,” the hackers wrote, according to Krebs. “Avid Life Media will be liable for fraud and extreme harm to millions of users.”
While the company says it has closed the security holes and erased the hackers’ message and any personal information about users, it will do little good if the hackers have transferred the data elsewhere, said Rik Turner, an analyst at technology researcher Ovum in London. That, he said, would leave users open to extremely uncomfortable questions from spouses if the information is made public.
“For Christ’s sake, if you’re going to cheat don’t do it online and leave yourself open,” Turner said. “Unless you’ve been living in a cave for the past few years and not reading a paper or receiving any TV signal, it should be obvious that everything is hackable.”
Avid Life – which says AshleyMadison is the world’s second-largest paid Internet dating website, with 36 million users – in April said it was considering an initial public offering this year to raise funds for international expansion.
Avid Life, which failed with an earlier IPO attempt in Canada, said it aimed to raise as much as $200 million in a London listing. The company says AshleyMadison had sales of $115 million last year, an almost fourfold increase from 2009. It makes money by charging for credits which can be used to pay for introductions to other would-be adulterers.
“We apologize for this unprovoked and criminal intrusion into our customers’ information,” Avid Life said in a statement. “We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place.”
According to Krebs, the hackers said they carried out the attack due to the difficulty of deleting user profiles from the site. For about $20, AshleyMadison will carry out a so-called “full delete” to erase a user’s information. But the hackers said the site nonetheless kept purchase details, names and addresses.
Avid Life said in an emailed release Monday that the delete option did remove all information related to a member’s profile and activity. In addition it was now offering a full delete free to any member because of the news.