The parent company of AshleyMadison.com, a dating site that brazenly declares “Life is short. Have an affair,” is the latest subject of a massive data breach. Over the weekend, hackers posted a sampling of user data stolen from the site.
KrebsOnSecurity.com was the first to report news of the breach, which was subsequently confirmed by Avid Life Media, the Toronto-based company behind these sites.
Though hackers only posted a small sample of user data, they claim to have accessed the full database of around 40 million accounts from Ashley Madison, along with other ALM sites like Cougar Life and Established Men.
The attack also compromised information about ALM’s internal servers, and sensitive company data like bank accounts and salaries, reported Krebs.
ALM was reportedly targeted because the company charges a $19 fee for a “Full Delete” service to completely erase details of customers’ — a promise the hackers say ALM failed to live up to.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” wrote the hackers in explaining their actions. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
The hackers demand that ALM take down Ashley Madison and Established Men permanently “in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”
The hackers have little sympathy for the users of these sites.
“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” they wrote. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
In its statement confirming the breach, ALM apologized “for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.”
The company says it has been able to secure its sites and that it is working with law enforcement.
“Any and all parties responsible for this act of cyber–terrorism will be held responsible,” reads the statement.
by Chris Morran via Consumerist
No comments:
Post a Comment