Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy Security The Internet News

Affair Site Hackers Threaten Release of All User Data Unless It Closes 446

heretic108 writes: According to KrebsOnSecurity, the infamous Ashley Madison affairs hookup website has been hacked by a group calling itself The Impact Team. This group is demanding the immediate and permanent shutdown of Ashley Madison, as well as similar sites Cougar Life and Established Man, owned by the same company: Avid Life Media. If the sites aren't shut down, the hackers are threatening to publicly release personal data for 37 million users. ALM has confirmed that a hack took place, and the hackers posted snippets of account data, as well as bank and salary information from the company itself.
This discussion has been archived. No new comments can be posted.

Affair Site Hackers Threaten Release of All User Data Unless It Closes

Comments Filter:
  • by FatdogHaiku ( 978357 ) on Monday July 20, 2015 @08:42AM (#50144571)
    People likely to have an affair will do so with or without a website...
    • by bluefoxlucid ( 723572 ) on Monday July 20, 2015 @09:02AM (#50144711) Homepage Journal
      Perhaps so; but We, the Righteous, will hack them all and show our moral superiority!
      • by fuzzyfuzzyfungus ( 1223518 ) on Monday July 20, 2015 @09:27AM (#50144843) Journal
        I would actually be interested to know what the logic is here: the hacker clearly doesn't like AM, or they wouldn't be spoiling their rumored-IPO quite this enthusiastically, they also don't like the users they are threatening to expose; but they also appear to be really bent out of shape about AM's allegedly-dishonest-and-exploitative 'pay to purge the embarrassing traces' feature.

        Anger about that feature would seem to be something more likely in some portion of the users, or among people who identify with the interests of the users; but this interested party displays only contempt for them; rather than viewing AM's attempt to squeeze them as an amusing and justified punishment.

        We obviously have no particular reason to trust their statement; but we do have to expect that they have a reason worth the legal exposure for doing this(especially since the dataset they are talking about would probably be worth a decent sum for sale to others looking for really juicy spearphishing targets ) rather than not attempting the hack at all or hacking but then staying quiet about it. My guess would be that it is more about attacking the site operator than about the users specifically; it is pretty common for at least a person or two to end up suitably embittered during the course of business.
        • by Anonymous Coward on Monday July 20, 2015 @09:42AM (#50144945)

          I'd hazard a guess that one of the hackers on the team was mad that his wife had an affair using the site, so he got his hacking buddies together to take revenge.

        • by TheCarp ( 96830 ) <sjc@@@carpanet...net> on Monday July 20, 2015 @10:02AM (#50145095) Homepage

          You'd like to think that, wouldn't you?! You've beaten my giant, which means you're exceptionally strong, so you could've put the poison in your own goblet, trusting on your strength to save you, so I can clearly not choose the wine in front of you! But, you've also bested my Spaniard, which means you must have studied, and in studying you must have learned that man is mortal, so you would have put the poison as far from yourself as possible, so I can clearly not choose the wine in front of me!

          I think you are missing some serious possibilities for your over-analyse :)

          What if the hackers in question simply do not take as nuanced of a view as you and are just throwing shit against the wall in order to justify their actions and stir up some publicity?

          Perhaps, they were paid by a rival site or, are even an ex-employee?

          > My guess would be that it is more about attacking the site operator than about the users specifically; it is pretty common for at least a person or two to end up suitably embittered during the course of business.

          Well there are only so many glasses the powder can be in right? Sounds about right, personal grudge or even rival corp. Hell, I almost got involved with a contract to do some cleanup a while back because someone had found out his developer in India was abusing the company servers to run his own side business and fired him..... to which he responded by logging in to their hosting service and turning off machines; I could see a more vindictive person doing something like this.

          People making twisted ethical arguments in order to justify what they want to do is not really anything new though so it is hard to rule out people who just wanted to pick a target to hack and are justifying a target that wont get a ton of sympathy. It can also be a little of A and a little of B.

          The only thing really clear is they don't seem to have done this for money, though, who knows if they have another angle. Maybe they are contacting individuals who look like they might be able to afford to keep their info out of the dump? I bet you there are more than a few who would pay up.

          But remember, we live in a world where people actually say things like "If I find he is sleeping with someone else I am going to beat her bloody"....like the third party is the one who did wrong. These are matters that evoke passions that, for many people, shine far brighter than ethics and reason.

          Its so much easier when they just demand a ransom or something. Who benefits from the site shutdown? Even a rival site would likely see reputational fallout from this. In fact, the only parties I can think of who really would benefit here are divorce lawyers and the traditional dating sites who may see a slight bump, but its hard to see how they would see this as worth it when there is so much competition for desperation already.

        • by cdrudge ( 68377 ) on Monday July 20, 2015 @10:11AM (#50145163) Homepage

          I would actually be interested to know what the logic is here: the hacker clearly doesn't like AM, or they wouldn't be spoiling their rumored-IPO quite this enthusiastically, they also don't like the users they are threatening to expose; but they also appear to be really bent out of shape about AM's allegedly-dishonest-and-exploitative 'pay to purge the embarrassing traces' feature.

          I'd be really surprised if the actual hacker(s) really had any moral stance one way or another. My money would be be on just pure financial greed. They see AM and it's customers as a paycheck. They see AM as a source of money and are applying pressure directly on them to pay up and/or shut down. They also pressure subscribers to pressure AM from the other side to pay up to not reveal their information.

          In the end I think it will be a loss for the hackers and customers. The hackers aren't going to get their money. AM takes a PR hit but doesn't really care because they already run a website for people with questionable ethics/morality. Customers info might get released, but for the 3 people that are actually real, married, and their partner doesn't already know, the shit might hit the fan. For everyone else, no one cares. And if you're a paying subscriber to a cheating website with your own real information, you're already a fucking idiot and get what you deserve for being a dumbass.

          • I don't see any requests for money, so who is going to pay the hackers?

            Individual customers certainly won't.

            AM certainly wouldn't.

            The hackers just want the site to shut down.

            • by Penguinisto ( 415985 ) on Monday July 20, 2015 @11:05AM (#50145621) Journal

              I don't see any requests for money, so who is going to pay the hackers?

              Individual customers certainly won't.

              Dunno - one good spearphishing campaign based on the personal info gathered from the hack would probably garner quite a bit of money... and none of us would ever hear about it. The public announcements would only add to the credibility of the blackmail threats.

          • by tlhIngan ( 30335 ) <slashdot.worf@net> on Monday July 20, 2015 @01:05PM (#50146783)

            I'd be really surprised if the actual hacker(s) really had any moral stance one way or another. My money would be be on just pure financial greed. They see AM and it's customers as a paycheck. They see AM as a source of money and are applying pressure directly on them to pay up and/or shut down. They also pressure subscribers to pressure AM from the other side to pay up to not reveal their information.

            In the end I think it will be a loss for the hackers and customers. The hackers aren't going to get their money. AM takes a PR hit but doesn't really care because they already run a website for people with questionable ethics/morality. Customers info might get released, but for the 3 people that are actually real, married, and their partner doesn't already know, the shit might hit the fan. For everyone else, no one cares. And if you're a paying subscriber to a cheating website with your own real information, you're already a fucking idiot and get what you deserve for being a dumbass.

            Actually, you're underestimating the impact. The information you have on AM would be perfect for blackmail. And I'm sure you can find some rather large and high-powered people to whom the release of information like that could be deadly - either professionally or politically.

            You might think everyone having an affair is doing so with their spouse's full knowledge, but that's unlikely to be the case. I'm sure a tiny percent of those are in open marriages, and maybe a slightly larger proportion are doing so with the spouse's knowledge.

            AM is not for people "dating" or "looking for a companion" - they're specifically for people already in a marriage to commit adultery. And this isn't the sort of "let's just get a prostitute" thing either.

            So yes, the release of information is potentially devastating, and a good proportion of those marriages will end in divorce, while the others will probably end up with said spouse being a slave.

            There may be no money request now, but I'm sure once the offer to shut down is refused, the hackers will be contacting everyone one of those 37M people and asking them for say, $10/month to keep quiet. Not too much to bother police about, see, but enough for a large and steady income.

            And yes, the amount is important - ask for too much and the "punishment" for revealing you're an adulterer is probably not as bad. Make it a small amount and most people will just pay for the silence.

            Heck, even the hint of a potential affair will drive some marriages on the rocks. Even if there was no one night fling - just having your spouse know you were looking puts you in the doghouse of distrust. (And no, this isn't gender specific - men AND women who were cheated on are equally vindictive to their partners).

            I know when I first saw the ads on TV (regular mainstream TV, I know AM has been around a long time, but their profile has been quite low), I knew they would be a perfect hacking target.

      • by Anonymous Coward on Monday July 20, 2015 @09:28AM (#50144845)

        There ought to be some societal reward for all of us married folk who take our vows seriously, even if that reward comes in the form of a Nelson laugh at the cheaters' expense.

        HA ha /Nelson

        • There already is one. Tax rebates.

          Us unmarried folks get to fuck anyone we want, you marrieds get to keep your money and the married ones that want both have to accept the risk.

          Sounds pretty fair already to me.

          • by TWX ( 665546 ) on Monday July 20, 2015 @10:07AM (#50145133)
            Last time I checked, the tax situation for being married without having any dependents weren't especially better than for being single. First couple tax seasons after getting married we calculated our taxes both ways, and there wasn't really much of a difference.
          • by NotDrWho ( 3543773 ) on Monday July 20, 2015 @10:35AM (#50145391)

            you marrieds get to keep your money

            They get those cool minivans too.

      • Interesting choice of name, though: The Impact Team (TIT). What were they thing of?

    • Re: (Score:2, Interesting)

      People likely to have an affair will do so with or without a website...

      The site delays the inevitable discovery by their spouse, thereby increasing the damaged caused by the dishonesty. Anything that destroys truth is evil. Period. This site and the people that use it are disgusting.

      • by TWX ( 665546 ) on Monday July 20, 2015 @10:17AM (#50145211)
        People are disgusting anyway. This is simply another in a long line of ways for people to hide communications that include alternate Internet e-mail addresses, alternate accounts through AOL, Compuserve, and Prodigy, PO Boxes, and if one goes back REALLY far, private couriers.

        Ironic thing is, unless one's spouse or significant-other has really, REALLY let themselves go, the grass really isn't greener on the other side. The other person might appeal because they're new, but it's usually because they're new and the shiny luster hasn't been worn off through familiarity, and once that familiarity is well and truly established the new person isn't any better than the previous one, and could actually be worse.
        • by Charliemopps ( 1157495 ) on Monday July 20, 2015 @10:42AM (#50145449)

          It's simple. Living with someone exposes their flaws. It's hard to see the flaws in people you don't live with. Less flaws = more attractive.

          But the fact of the matter is, you should live up to your obligations. Sometimes you make bad choices in life... sometimes they are so bad that it affects the rest of your life... you end up missing an arm, or in prison, or married to a drunk. You've got to live with your choices, and do your best improve the situation. But lies, and dishonesty are not the way. Don't like your wife? Go to counseling, work it out with her... if all else fails, be honest with her and get a divorce, then start dating.

          What exactly is the person that's visiting a site like this doing? It's pure, 100% evil. There is nothing good that comes of cheating. You're exposing your wife and children to all sorts of danger and instability. STDs, scorned women... God only knows. You're further harming your marriage with distrust and dishonesty. Infidelity is the ultimate selfish act, and it's at the expense of the people that are the closest to you. There are few other acts that even remotely compare in their depravity, and self interest.

          It's not the cheating... it's the lying... and why you're lying. You're causing your spouse ultimate pain, for basically nothing. And you could avoid all of that with a few months of heart ache and once court appearance.

          • by sjames ( 1099 )

            Hear Hear!

            There is exactly once in my life that I have been actually morally offended by a commercial and it's theirs.

          • It's pure, 100% evil.

            You set a pretty low bar for evil in a world where there are ISIL, paedophiles, genocides, rapists, murderers and Donald Trump.

      • by tibit ( 1762298 ) on Monday July 20, 2015 @10:19AM (#50145241)

        If we wanted to swing or do it with other people, both me and my wife would simply sign up on AM or a similar site, with full knowledge of each other. Perhaps most people "cheat" without their spouses knowing about it? I thought the whole point of rational adults being married was that they talked and shit? Sigh.

    • by AmiMoJo ( 196126 )

      What percentage wouldn't have had an affair if not encouraged by seductive advertising or given the opportunity to meet someone online rather than having to trawl bars or date people they know where the risk of discovery is higher?

      I have no idea, but for these sites to be making money the answer must >0%.

    • by aynoknman ( 1071612 ) on Monday July 20, 2015 @11:57AM (#50146055)

      People likely to have an affair will do so with or without a website...

      Your comment ignores the nature of temptation. These websites have a corrupting influence on those who are not likely to have an affair. They catch the idly curious and change "I wonder what it would be like?" to "That person is available to me." and tempt those who would not be inclined and push them to take action.

  • by bigjocker ( 113512 ) * on Monday July 20, 2015 @08:44AM (#50144579) Homepage

    when I signed for ashleymadison.com

    • by vivaoporto ( 1064484 ) on Monday July 20, 2015 @09:08AM (#50144745)
      From The Guardian article [theguardian.com] (as the krebsonsecurity seems to be slashdotted):

      The site, which encourages married users to cheat on their spouses and advertises 37 million members, had its data hacked by a group calling itself the Impact Team. At least two other dating sites, Cougar Life and Established Men, also owned by the same parent group, Avid Life Media, have had their data compromised.

      "Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online," the group's statement reads.

      The hackers' main point of contention is with the fact that Ashley Madison charges users a fee of 15 pounds to carry out a "full delete" of their information if they decide to leave the site. Although users have the option of permanently hiding their profile free of charge, the company's advertisements claim that the full delete service is the only way to completely remove their information from the servers.

      But the hackers say that that claim is âoea complete lieâ.

      "Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed," they allege.

      • The hackers' main point of contention is with the fact that Ashley Madison charges users a fee of 15 pounds to carry out a "full delete" of their information if they decide to leave the site. Although users have the option of permanently hiding their profile free of charge, the company's advertisements claim that the full delete service is the only way to completely remove their information from the servers.

        Still don't approve of the hackers, but I have a lot less sympathy for the company, if this is true

      • Is it legal for them to delete all the records of their credit card transactions? I would guess that they have to keep some records for some period of time, for the IRS, for PCI compliance, etc.
        • I would guess that they have to keep some records for some period of time, for the IRS, for PCI compliance, etc.
          But not on the online data base connected to the site!
          And paper records would be good enough anyway.

        • by tnk1 ( 899206 )

          Not only legal to delete the transactions from their online site, but if they were following PCI, required after a certain point.

          They could certainly have kept all of that for a longer period in their accounting system, but it is not clear to me that this is what was hacked, as that should have been a non-public system.

          Also, all PII and cardholder data should be encrypted, so either ALM didn't encrypt the data, used shit encryption, or there was an insider. Knowing many companies, any of the three is a lik

        • Point of order: PCI compliance demands that you do *not* store customer CC data unless absolutely necessary [pcisecuritystandards.org] (mind the PDF, Henry).

          On the other hand, the company is based in Canada, and I'm not sure what their data retention laws may entail. Since the company is pre-IPO, they may have aligned their policies to the Canadian equivalent of SOX (if they have one), but otherwise I don't see much demand to store the CC info for any legit business purpose.

      • by tibit ( 1762298 ) on Monday July 20, 2015 @10:23AM (#50145281)

        Given that it's rather easy to use a credit card with an assumed name, and also a fake billing address submitted while paying, I really don't see why the people who wanted to stay discreet/anonymous didn't do so.

        In case anyone wanted to know how to do it, at least in the U.S. it's rather trivial:

        1. Add an authorized user on your credit card account. The name can be fake. You'll get a card for that user.

        2. Add a throwaway billing burner phone number on your account. Can be a $5 Tracfone from Walmart. This is optional only if the billing processor demands a phone number.

        3. When registering/paying for AM, use the fake authorized user's card, and enter your address with a wrong name of the street. The ZIP and house number must match, the street name doesn't have to. The phone number should be the burner phone.

        If the hackers get your data, all they have dirt on is a fictional character. This is 21st century, I thought every guy who knows how to use a bank account and a computer would know this shit?

  • Go ahead (Score:5, Interesting)

    by 1_brown_mouse ( 160511 ) on Monday July 20, 2015 @08:44AM (#50144585)
    I get the feeling most of the profiles are fake anyway to pull in gullible males. Never give in to blackmail.
    • Re:Go ahead (Score:5, Insightful)

      by DoofusOfDeath ( 636671 ) on Monday July 20, 2015 @08:55AM (#50144661)

      I get the feeling most of the profiles are fake anyway to pull in gullible males.

      Never give in to blackmail.

      Even better yet: Make every effort to be loyal to your spouse. If you fail, repent, hope for forgiveness, and try harder next time. Flee from all forms of temptation to do evil.

      Easier said than done, to be sure.

      • Re:Go ahead (Score:5, Funny)

        by Anonymous Coward on Monday July 20, 2015 @09:09AM (#50144751)

        As a married man, the last thing I'd want in my life would be another woman. I can barely handle the one I have!

        I tell my wife, if she's going to have an affair, at least make sure they guy is rich.

        • Re:Go ahead (Score:5, Funny)

          by PopeRatzo ( 965947 ) on Monday July 20, 2015 @09:30AM (#50144867) Journal

          I tell my wife, if she's going to have an affair, at least make sure they guy is rich.

          I'm much more reasonable. I tell my wife that if she's going to have an affair, at least make sure the guy plays Sonic & All-Stars Racing so I have someone to play split-screen with.

        • Re:Go ahead (Score:4, Funny)

          by GlennC ( 96879 ) on Monday July 20, 2015 @10:33AM (#50145363)

          I tell my wife, if she's going to have an affair, at least make sure they guy is rich.

          I'd be disappointed if my wife screwed around behind my back. She knows I like to watch!

        • Re:Go ahead (Score:5, Informative)

          by Anonymous Coward on Monday July 20, 2015 @10:34AM (#50145379)

          As a married man, the last thing I'd want in my life would be another woman. I can barely handle the one I have!

          That's why -as the joke goes- an engineer should have a wife and a mistress. Both of them will assume you're spending time with the other, and during that time you can go to the lab and get soms work done.

      • Re: (Score:3, Insightful)

        Easier said than done, to be sure.

        Pro Tip: Make the decision not to cheat before you begin any relationship. Once in a relationship, learn to not let your eyes wander.

        • Re:Go ahead (Score:5, Insightful)

          by Penguinisto ( 415985 ) on Monday July 20, 2015 @10:14AM (#50145185) Journal

          This, right here.

          It's not that hard to keep yourself in check, gents. You either love your S/O or you do not. If you do, you will do your level best to remain faithful. ...besides, most of you schmucks are geeks - if you found someone that actually puts up with our little quirks and habits and loves our kind in spite of ourselves, why would you screw that up?

        • Re:Go ahead (Score:5, Insightful)

          by cdrudge ( 68377 ) on Monday July 20, 2015 @10:21AM (#50145259) Homepage

          Once in a relationship, learn to not let your eyes wander.

          Or perhaps learn to be in a relationship that is built on trust and not on preventing eyes from wandering. I've been married for 15 years and my wife has no problems with me letting my eyes wander because she knows at the end of the day, I still always wander home to her in our bed, and no one else's.

      • by AmiMoJo ( 196126 )

        Or know when to call it a day and end the relationship mutually, before it gets bad enough to warrant a divorce.

        • by TWX ( 665546 )
          Isn't ending a relationship mutually still a divorce if it's a married relationship?

          Honestly I've known of two marriages that ended even without claims of sexual infidelity and neither was terribly happy. In one case they were poor enough to where there wasn't much to fight about and in the other case both parties were smart enough to divide assets without a whole lot of fighting knowing that it would cost more in lawyer fees than the items being fought-over would cost. in the latter case it also helpe
      • Even better yet: Make every effort to be loyal to your spouse. If you fail, repent, hope for forgiveness, and try harder next time. Flee from all forms of temptation to do evil.

        Even better yet....don't get married at all, unless you are planning to have children.

        If you're not wanting to have kids, then there is no real reason to get married. This way, you don't lose half your shit with you "upgrade" to a new and better mate periodically. No need for repent and forgiveness....

      • Even better yet: Make every effort to be loyal to your spouse. If you fail, repent, hope for forgiveness, and try harder next time. Flee from all forms of temptation to do evil.

        I suspect that's what goes through Ben Affleck's mind every time he starts a new movie. "This time it will be different," he tells himself.

    • by 1u3hr ( 530656 )
      The tit size and penis length parts are probably unreliable. The names, addresses and credit card numbers (since it's a pay site) must be real.
      • The names, addresses and credit card numbers (since it's a pay site) must be real.

        I think a name is pretty easy to fake. Last time I checked, PO Boxes can be had for a very small fee (or once could even put a false address in.....what correspondence would a person want to receive via US mail from that site at their home?), and as for the Credit Card, once could just get a prepaid Visa Debit Card, load it with funds, and use that to pay.

        Voila! Privacy secured.

        If someone truly gets caught because of this, they weren't being careful. Now, I want to be clear here, I am absolut

        • by 1u3hr ( 530656 )

          Again, its not the "dating profile" that matters, but the membership in the site. You need real details for the financial transactions.

          (Yeah, they could use bitcoin, but this isn't a geek site, they'd just use their AmeX.)

          • No, you don't.

            Just get a prepaid Visa Debit card from the rack at Walgreen's or Wal-Mart, or CVS, or Rite Aid, or Family Dollar, or wherever. Pay for it as if it were a "gift card" and load it with however much money you need on it. Then use that card to pay for your membership. Poof! Financial transaction with no paper trail (unless someone really wants to go through and find out where the card was purchased, and if you're that paranoid, just pay cash).
  • by XxtraLarGe ( 551297 ) on Monday July 20, 2015 @08:44AM (#50144589) Journal
    The first thing that came to mind when I heard of this site is "This is a prime target for a hacking/blackmail scheme." The only surprise here is that it didn't happen sooner.
    • by xxxJonBoyxxx ( 565205 ) on Monday July 20, 2015 @08:48AM (#50144605)

      >> this is a prime target for a hacking/blackmail scheme

      My first thought was that the entire point of the site was to BE a blackmail scheme.

      • by DarkOx ( 621550 ) on Monday July 20, 2015 @09:11AM (#50144757) Journal

        1) Set up a site for cheaters
        2) Charge a subscription fee
        3) Profit!
        4) Accidentally leave some live shells open and ipkvm with a super weak password or easy vuln on a high port
        5) Let 4 slip to cousin Jimmy at the family reunion if he will split the take
        6) Confirm to the press the hack to place so black mail victims will take Jimmy seriously.
        7) Profit! some more

        See there is isn't even a ?? step and two Profit! steps!

        • Also, as a bonus, there are probably some Congressmen and other public officials who are dumb enough to sign up for a site like this. Suddenly you have a bunch of influence in the government without needing to go through the normal route of bribing people through "campaign contributions".
      • Maybe this is the first step of the grand monetization scheme...

        ALM can now start a Kickstarter: "if we receive $20,000,000 we will invest the full efforts of our company into a rockclimbing website and immediately shut down all other websites including X, Y, Z and delete all user data."

        The third step would be the hacker provides explicit endorsement of this scheme "as a means to an end" after the Kickstarter begins.

        Because of the power-law value of customer information (many fake, some disguised, few real,

      • by Gravis Zero ( 934156 ) on Monday July 20, 2015 @09:18AM (#50144785)

        this is a prime target for a hacking/blackmail scheme

        My first thought was that the entire point of the site was to BE a blackmail scheme.

        it was a blackmail scheme but now those rotten hackers have ruined it for me!

      • My first thought was that the entire point of the site was to BE a blackmail scheme.

        Correct. From the article: "In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee."

    • by dj245 ( 732906 ) on Monday July 20, 2015 @08:54AM (#50144649)

      The first thing that came to mind when I heard of this site is "This is a prime target for a hacking/blackmail scheme." The only surprise here is that it didn't happen sooner.

      As someone who has data in there (out of curiosity), it couldn't have happened to better people. The people that run AshleyMadison are worse than the lowest spammers. Not because they sanction marital cheating, but because they are exceedingly scammy in every aspect of the way they operate their business. They make Paypal and Stamps.com look like saints.

  • Does this qualify... (Score:5, Interesting)

    by Enter the Shoggoth ( 1362079 ) on Monday July 20, 2015 @09:00AM (#50144687)

    ...as revenge porn?

  • Great News! (Score:5, Funny)

    by Anonymous Coward on Monday July 20, 2015 @09:00AM (#50144689)

    Now I'll get my listing circulated without paying a renewal fee!

  • by waspleg ( 316038 ) on Monday July 20, 2015 @09:05AM (#50144725) Journal

    Even it seems to be getting the shit pounded out of it.

    cache [googleusercontent.com]

    archive.org's just goes back to the original, the original never worked for me and the rest are taking a long long time to load.

  • by neghvar1 ( 1705616 ) on Monday July 20, 2015 @09:13AM (#50144765)
    One immoral act to shutdown another immoral act
    • I know! I hate everything the website in question stands for and I find the idea of breaking the law to shut them down reprehensible. How to choose sides?
      • by Charliemopps ( 1157495 ) on Monday July 20, 2015 @10:31AM (#50145341)

        I know! I hate everything the website in question stands for and I find the idea of breaking the law to shut them down reprehensible. How to choose sides?

        You apparently never played D&D. "Alignment" in D&D is actually a fairly ingenious way of looking at belief systems: https://en.wikipedia.org/wiki/... [wikipedia.org]

        This site was Lawful Evil.
        The hackers were Chaotic Good. (well I guess we don't really know do we?)
        You're apparently Lawful Good, so you're conflicted. The site breaks the "Good" part of your personality, but the hackers break the "Lawful" part.
        I'm probably Chaotic good... So this seems legit to me.

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          Anyone who thinks real-world ethics and morality can fit into D&D's neat little boxes of "alignment" clearly made INT their dump stat.

        • You must be a Ranger, and the OP a Paladin.

          Me, I'm just a fighter, neutral and available as a mercenary (in case anyone's hiring)

  • by otaku244 ( 1804244 ) on Monday July 20, 2015 @09:17AM (#50144779)
    Let's see them try to roll out credit protection here. It better come with a box of chocolates, some roses, and a spa-treatment (or a 6-pack and tickets to your spouses favorite event) because that credit score WILL go in the toilet.
  • by account_deleted ( 4530225 ) on Monday July 20, 2015 @09:20AM (#50144797)
    Comment removed based on user account deletion
  • by ciaran2014 ( 3815793 ) on Monday July 20, 2015 @09:21AM (#50144809) Homepage

    Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is “Life is short. Have an affair.”

    The data released by the hacker or hackers — which self-identify as The Impact Team — includes sensitive internal data stolen from Avid Life Media (ALM), the Toronto-based firm that owns AshleyMadison as well as related hookup sites Cougar Life and Established Men.

    Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman confirmed the hack, and said the company was “working diligently and feverishly” to take down ALM’s intellectual property. Indeed, in the short span of 30 minutes between that brief interview and the publication of this story, several of the Impact Team’s Web links were no longer responding.

    “We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”

    Besides snippets of account data apparently sampled at random from among some 40 million users across ALM’s trio of properties, the hackers leaked maps of internal company servers, employee network account information, company bank account data and salary information.

    The compromise comes less than two months after intruders stole and leaked online user data on millions of accounts from hookup site AdultFriendFinder.

    In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.

    According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.

    “Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

    Their demands continue:

    “Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”

    A snippet of the message left behind by the Impact Team.

    It’s unclear how much of the AshleyMadison user account data has been posted online. For now, it appears the hackers have published a relatively small percentage of AshleyMadison user account data and are planning to publish more for each day the company stays online.

    “Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

    ALM CEO Biderman declined to discuss specifics of the company’s investigation, which he characterized as ongoing and fast-moving. But he did suggest that the incident may have been the work

  • by RogueWarrior65 ( 678876 ) on Monday July 20, 2015 @09:24AM (#50144825)

    Full disclosure: I'm not defending this company for what it does.
    For those of you who were tired of the old criminal justice system, be careful what you wish for. To these hackers and many other people, the fact that this company is not illegal in the eyes of the old criminal justice system is irrelevant. To these hackers, it is amoral. These hackers have decided unilaterally what morality is, who is guilty, and how punishment will be executed. Publicly destroying people and businesses that somehow offend somebody else is now the new normal. The old system of justice won't protect you anymore because even if the old system catches these hackers, the damage will be done and can't be undone.

    • by Fire_Wraith ( 1460385 ) on Monday July 20, 2015 @10:03AM (#50145107)
      Moreover, I think of this in terms of the panopticon/total awareness paradigm. We are in no way used to living in a society where our every action is not only recorded, but monitored, to the point that we not only have no secrets, but that we can be punished for transgressions we might have otherwise gotten away from.

      Think about in the office. In times past your boss couldn't monitor you 100% of the day, and unless you really abused things, it was safe to spend a few extra minutes chatting at the water cooler about last night's TV. Now your computer can flag you the instant you step away for more than your allotted two minute bathroom break, and alert your boss.

      Or take speeding, for instance. While it's illegal, something like 99%+ of drivers are going to exceed the speed limit by 1 to 5 mph on any given day. Our speed limits are to a certain degree calculated with that in mind. Do we want to have our locations monitored 24/7 to calculate if we violated them?

      Personally, I don't think people should be cheating, but it's not my place to judge them, nor do I want to see it exposed like this.
  • by ciaran2014 ( 3815793 ) on Monday July 20, 2015 @09:46AM (#50144979) Homepage

    I'm not happy this is happening, but I do hope that when things like this happen it makes people think critically about putting their private lives and their means of communication on other peoples servers (i.e. "the cloud").

    It's folly to think that 37 million Facebook accounts, with all their private messages and chats, won't be the next.

  • Comment removed based on user account deletion
  • Keep the site up and running, and RISK going out of business.

    - or -

    Go out of business and actually go out of business.

    I wonder; what choice is a predatory, opportunistic venture bound to take?

  • Krebs is overloaded by train-wreck picnickers [googleusercontent.com]

    Noel Biderman CEO [wikipedia.org] of How Low Can We Go, trading as Avid Media.

    Some of his demonstrably patent bullshit [prnewswire.com] about their security.

    "We have always had the confidentiality of our customers' information foremost in our minds, and have had stringent security measures in place".
    Um, encryption - have you heard of it? And PCI - yeah, right, a bus protocol.

    The "security" fail [cycura.com] company - they would have done better employing CyCura® the "binary ex-situ bioremediation s

  • by Virtucon ( 127420 ) on Monday July 20, 2015 @11:41AM (#50145911)

    They just had 74 million prospective clients show up on their doorstep.

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...