AshleyMadison hack threatens to out 37 million adulterers

Hackers in The Impact Group are unhappy about the website's "Full Delete" feature

Adultery website AshleyMadison has been hacked by a group that are now threatening to expose the platform's 37 million cheating users unless the website is taken down.

The website, whose tagline is "Life is Short. Have an Affair", is founded on confidentiality and privacy. It facilitates relationships between married people looking to cheat on their spouse. If its users were made public then it's likely that a string of divorces would follow.

The data was stolen from Avid Life Media (ALM), which owns Ashley Madison along with other hookup sites such as Cougar Life and Established Men.

ALM confirmed the hack today by issuing a statement.

In April, ALM claimed AshleyMadison was the second most popular dating site in the world, losing out only to dating giant It also claimed to have 1.7 million users in Britain.

The hacking group behind the attack refers to itself as "The Impact Team".

Security blog KerbsOnSecurity said the group has already published a small percentage of the site's user account data online.

When the group published the data, it also released a statement demanding AshleyMadison and Established Men were removed from the internet.

Should ALM fail to do this then the hackers are threatening to reveal the names, addresses and sexual fantasies of the millions of people who have created a profile on AshleyMadison.

ALM said in a statement: "We apologise for this unprovoked and criminal intrusion into our customers' information.

"We have been able to secure our sites, and close the unauthorised access points.

"Any and all parties responsible for this act of cyber-terrorism will be held responsible."

The Impact Team has targeted ALM over its Full Delete feature - a $19 service that allows AshleyMadison users to remove their profile and all accompanying information.

The hacking group claims that ALM doesn't actually delete everything, stating that the user's real name and credit card details remain online.

ALM revealed in April that it planned to float on the London Stock Exchange as it looked to raise money from investors hungry to cash in on the success of dating startups.

The company tried floating in Toronto five years ago, only to be greeted to a lack of appetite among cautious North American investors.

"Europeans have a more laissez-faire attitude toward infidelity," said Christoph Kraemer, head of international relations for AshleyMadison at the time. "Investors here will look past that and at the numbers."

Kassem Younis, a privacy expert and CEO of Thoughts Around Me, an app that lets people share things anonymously about issues affecting their everyday lives, said AshleyMadison has let its users down by failing to protect them.

"There are many reasons why people would want to protect their identities online - whether or not you agree with the premise of this particular service, users have placed their trust in Ashley Madison and have been badly let down. What is most worrying is that this points to a wider trend of anonymous apps and websites being hacked, including Secret in August 2014.

"The scale of this hack is what will trouble the UK's 1.2 million users the most. With reports that Ashley Madison's customers have had everything from their credit card details to their real names and even their sexual fantasies compromised, there may be a lot of red faces in the UK this morning and much damage has likely already likely been done."


The company sent the following statement: "Following the earlier unprovoked and criminal intrusion into our system, Avid Life Media immediately engaged one of the world's top IT security teams to take every possible step toward mitigating the attack.

"Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the all posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online. We have always had the confidentiality of our customers' information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter.

"Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident and we will continue to provide updates as they become available."

Join the CSO newsletter!

Error: Please check your email address.

Tags securityAvid

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sam Shead

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place