AshleyMadison hack threatens to out 37 million adulterers

Hackers in The Impact Group are unhappy about the website's "Full Delete" feature

Adultery website AshleyMadison has been hacked by a group that are now threatening to expose the platform's 37 million cheating users unless the website is taken down.

The website, whose tagline is "Life is Short. Have an Affair", is founded on confidentiality and privacy. It facilitates relationships between married people looking to cheat on their spouse. If its users were made public then it's likely that a string of divorces would follow.

The data was stolen from Avid Life Media (ALM), which owns Ashley Madison along with other hookup sites such as Cougar Life and Established Men.

ALM confirmed the hack today by issuing a statement.

In April, ALM claimed AshleyMadison was the second most popular dating site in the world, losing out only to dating giant It also claimed to have 1.7 million users in Britain.

The hacking group behind the attack refers to itself as "The Impact Team".

Security blog KerbsOnSecurity said the group has already published a small percentage of the site's user account data online.

When the group published the data, it also released a statement demanding AshleyMadison and Established Men were removed from the internet.

Should ALM fail to do this then the hackers are threatening to reveal the names, addresses and sexual fantasies of the millions of people who have created a profile on AshleyMadison.

ALM said in a statement: "We apologise for this unprovoked and criminal intrusion into our customers' information.

"We have been able to secure our sites, and close the unauthorised access points.

"Any and all parties responsible for this act of cyber-terrorism will be held responsible."

The Impact Team has targeted ALM over its Full Delete feature - a $19 service that allows AshleyMadison users to remove their profile and all accompanying information.

The hacking group claims that ALM doesn't actually delete everything, stating that the user's real name and credit card details remain online.

ALM revealed in April that it planned to float on the London Stock Exchange as it looked to raise money from investors hungry to cash in on the success of dating startups.

The company tried floating in Toronto five years ago, only to be greeted to a lack of appetite among cautious North American investors.

"Europeans have a more laissez-faire attitude toward infidelity," said Christoph Kraemer, head of international relations for AshleyMadison at the time. "Investors here will look past that and at the numbers."

Kassem Younis, a privacy expert and CEO of Thoughts Around Me, an app that lets people share things anonymously about issues affecting their everyday lives, said AshleyMadison has let its users down by failing to protect them.

"There are many reasons why people would want to protect their identities online - whether or not you agree with the premise of this particular service, users have placed their trust in Ashley Madison and have been badly let down. What is most worrying is that this points to a wider trend of anonymous apps and websites being hacked, including Secret in August 2014.

"The scale of this hack is what will trouble the UK's 1.2 million users the most. With reports that Ashley Madison's customers have had everything from their credit card details to their real names and even their sexual fantasies compromised, there may be a lot of red faces in the UK this morning and much damage has likely already likely been done."


The company sent the following statement: "Following the earlier unprovoked and criminal intrusion into our system, Avid Life Media immediately engaged one of the world's top IT security teams to take every possible step toward mitigating the attack.

"Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the all posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online. We have always had the confidentiality of our customers' information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter.

"Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident and we will continue to provide updates as they become available."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Avid

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Sam Shead

Latest Videos

More videos

Blog Posts