Ashley Madison: What the Site Says Hackers Got Wrong
As many as 37 million customer profiles may have been breached.
— -- Ashley Madison, the website for married people seeking affairs, is waiving its fee for users to delete their profiles after the site suffered an unprecedented hack putting as many as 37 million members and private information from the website's company, Avid Life Media, at risk.
For $19, the company had previously allowed repentant cheaters to scrub their information from the website. In a lengthy statement explaining the breach, a person or group calling themselves the Impact Team, said it took issue with the company's a "full delete" feature and claimed it didn't live up to its promise.
Avid Life Media said in a statement the feature "does in fact remove all information related to a member's profile and communications activity."
"The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system user' email boxes," the statement said. "This option was developed due to specific member requests for just such a service, and designed based on their feedback."
Avid Life Media confirmed on Monday that the company suffered a "criminal intrusion" into its system. Using the Digital Millennium Copyright Act, the company said it was able to successfully remove the small amount of personal information hackers had posted online and is working with law enforcement to find the source of the breach.
"Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident and we will continue to provide updates as they become available," the company said.
The hacker or hackers had a message for the company, which runs several similar dating websites, including one called Established Men.
"Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails," a message from the hackers said, according to a post on Krebs On Security.
Other websites run by Avid Life Media "may stay online," the statement said.
"Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the Impact Team wrote. "Too bad for ALM, you promised secrecy but didn't deliver."