The 37 million users of hacked infidelity site Ashley Madison are at risk of having their names, as well as private and financial details, leaked, reports The Verge.
The site, which has the slogan "Life is short. Have an affair.", was attacked by a group calling itself the Impact Team, which claims to have gained complete access to the company's databases – including user names, addresses and profiles, as well as company documents, emails and more.
Ashley Madison belongs to parent company Avid Life Media (ALM) – also responsible for the websites Cougar Life and Establish Men – which confirmed the breach to security journalist Brian Krebs, who initially broke the news.
So far just 40MB of data has been released – including company documents and credit card details – but the attackers warn that more will follow should ALM not permanently remove certain online properties from the web.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online,” said a statement from Impact Team.
According to The Guardian, Impact Team has taken issue with Ashley Madison for charging users £15 when they want to leave the site for a 'full delete' of their details, despite actually holding on to key details including names and address. The attackers have described the 'full delete' service offered by ALM as a "complete lie".
ALM says it has managed to fix the security flaw used in the attack, and is now working with law enforcement agencies to bring the perpetrators to justice.
The statement from ALM reads: “We apologise for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies."
