Of the 37-million subscribers to the online cheating site AshleyMadison (AM) the quest for an extramarital affair may turn into panic and despair thanks to a team of hackers threatening to expose customer sexual fantasy profiles and matching credit card transactions.
Subscribers logging in this week were shocked to learn that hackers found a weakness at Avid Life Media (ALM), the Toronto based firm that owns AM, and randomly lifted sensitive user information, believed to be deleted, leaking some of it online. Also stolen were maps of internal company servers, employee network account information, company bank account data and salary information.
While the fantasies may be imagined, the names and addresses from credit card transactions are real.
The firm was quick to downplay the hack and have not posted any information or reassurances to its subscribers. Taking credit is The Impact Team, a group or an individual claiming to have completely compromised the company’s user databases, and other company information.
ALM Chief Executive Noel Biderman confirmed the hack, and said the company was “working diligently and feverishly” to take down ALM’s intellectual property, as reported by KrebsOnSecurity.com, a security news and investigation site.
The attack is apparently in response to the company’s claim that it would completely erase subscriber information data for a neat $19 fee, which allows access to ALM’s “Full Delete” feature, a feature the hacking group says, “is a complete lie.”
“In most cases users pay with a credit card and personal information is real,” said Terry Cutler, an ethical hacker and Founder of Cyology Labs, Inc based in Montreal, Canada. “If billing information is not removed as promised and the database is breached then real names and addresses as well as credit card numbers are exposed.”
Reportedly, Avid Life Media banked $1.7 million in revenue in 2014 from its Full Delete feature.
“What goes online stays online in some way,” Cutler said. “You cannot guarantee Full Delete.”
Unless ALM shuts down its operations, which includes Cougar Life and Established Men, the group is threatening to release all customer information, which includes photos, sexual fantasies and so on.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms,” the hacker group said in a statement. “If ALM doesn’t comply, “we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”
Its unlikely ALM will shut down.
ALM did release a statement saying, “We immediately launched a thorough investigation utilizing leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident.”
The breach could have been prevented.
“Companies need to be ahead of the game,” said Cutler. “What’s online stays online but the key to protection is advanced and evolving software that can detect a hack in real time,” he stated. Cutler, who operates Cyology Labs, an Internet security firm uniquely focused on advance hacking technology, says we need to be ahead by three steps, not one step ahead of the hackers.
I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.
I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.