Hackers breached the internal systems of Avid Life Media (ALM), a Toronto-based company, and posted online large caches of sensitive data stolen from one of its websites, Ashley Madison, security researcher Brian Krebs reported Sunday. The cyberattack on the service, which facilitates extramarital affairs, and the subsequent leak of confidential data could jeopardize the personal lives of nearly 37 million people who use the service.
The breach, which occurred over the weekend, was conducted by hackers, who go by the name “The Impact Team.” The intruders posted snippets of the account information of nearly 40 million users across Ashley Madison, as well as two other similar websites, Cougar Life and Established Men, owned by ALM. They also leaked maps of internal company servers, employee network account information, company bank account data and salary information, Krebs reported.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online,” the hackers wrote on the Ashley Madison website.
The attack came in response to alleged lies that ALM told its customers about a service that requires the website’s users to pay a $19 fee to have their personal information completely erased from the site. According to hackers, the company did not actually scrub the users’ purchase details, including their real name and address as promised, Krebs reported, adding that it is unclear how much user account data has been already leaked by hackers.
“We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online,” the hackers wrote. “And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
Ashley Madison, whose slogan is “Life is short. Have an affair,” has been reportedly planning to raise up to $200 million through an initial public offering on the London Stock Exchange, Reuters reported.
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Noel Biderman, ALM’s CEO, told KrebsOnSecurity, confirming the hack. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
Meanwhile, ALM also issued a statement on Monday, saying that the company has launched a “thorough investigation” of the matter, involving forensics experts and other security professionals.
“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber–terrorism will be held responsible,” the company said in the statement.