Affair Site Hackers Threaten Release of All User Data Unless It Closes 446
heretic108 writes: According to KrebsOnSecurity, the infamous Ashley Madison affairs hookup website has been hacked by a group calling itself The Impact Team. This group is demanding the immediate and permanent shutdown of Ashley Madison, as well as similar sites Cougar Life and Established Man, owned by the same company: Avid Life Media. If the sites aren't shut down, the hackers are threatening to publicly release personal data for 37 million users. ALM has confirmed that a hack took place, and the hackers posted snippets of account data, as well as bank and salary information from the company itself.
nothing new under the sun (Score:5, Interesting)
Re:nothing new under the sun (Score:5, Funny)
Re:nothing new under the sun (Score:5, Interesting)
Anger about that feature would seem to be something more likely in some portion of the users, or among people who identify with the interests of the users; but this interested party displays only contempt for them; rather than viewing AM's attempt to squeeze them as an amusing and justified punishment.
We obviously have no particular reason to trust their statement; but we do have to expect that they have a reason worth the legal exposure for doing this(especially since the dataset they are talking about would probably be worth a decent sum for sale to others looking for really juicy spearphishing targets ) rather than not attempting the hack at all or hacking but then staying quiet about it. My guess would be that it is more about attacking the site operator than about the users specifically; it is pretty common for at least a person or two to end up suitably embittered during the course of business.
Re:nothing new under the sun (Score:5, Interesting)
I'd hazard a guess that one of the hackers on the team was mad that his wife had an affair using the site, so he got his hacking buddies together to take revenge.
Re:nothing new under the sun (Score:5, Interesting)
Re: (Score:2)
Umm, that charging but not actually removing it was already pretty well known previously I think.
I could have sworn I remember read about it previously.
Re: Legal Obligations should make this obvious (Score:4, Informative)
Re: (Score:3)
Hey, they were only keeping open the possibilities for future business models [youtube.com].
Re:nothing new under the sun (Score:4, Interesting)
I'd hazard a guess that this is a disgruntled insider, based in part on the fact that they claimed knowledge of internal practices (charging for profile deletion, but then retaining the information anyway). It's certainly possible someone could find that out through other means (having paid to have it deleted, then having it found anyway), but insider access explains a lot of things.
I wonder if someone got laid off or feels screwed out of IPO shares? It would seem someone who had access to accounts might be able to grab the info, or at least enough to convince AM they have.
Re:nothing new under the sun (Score:5, Funny)
I wonder if someone got laid off or feels screwed out of IPO shares?
I'll bet someone felt in their heart that the company promised one thing in good faith, then cheated on them.
Re:nothing new under the sun (Score:5, Interesting)
Re:nothing new under the sun (Score:5, Insightful)
Or they have some sort of financial interest in harming the site. It's like my grandpa used to say "Never ascribe to malice that which is adequately explained by fucking greed."
Re:nothing new under the sun (Score:5, Informative)
Heard on NPR this morning that they think it's an inside job, and has all the hallmarks of it being so.
Apparently someone got tired of the all unethical behavior. Something about an account being free to create, but $20 to delete (and then not really being removed, or something like that)
Re:nothing new under the sun (Score:5, Insightful)
I think you are missing some serious possibilities for your over-analyse :)
What if the hackers in question simply do not take as nuanced of a view as you and are just throwing shit against the wall in order to justify their actions and stir up some publicity?
Perhaps, they were paid by a rival site or, are even an ex-employee?
> My guess would be that it is more about attacking the site operator than about the users specifically; it is pretty common for at least a person or two to end up suitably embittered during the course of business.
Well there are only so many glasses the powder can be in right? Sounds about right, personal grudge or even rival corp. Hell, I almost got involved with a contract to do some cleanup a while back because someone had found out his developer in India was abusing the company servers to run his own side business and fired him..... to which he responded by logging in to their hosting service and turning off machines; I could see a more vindictive person doing something like this.
People making twisted ethical arguments in order to justify what they want to do is not really anything new though so it is hard to rule out people who just wanted to pick a target to hack and are justifying a target that wont get a ton of sympathy. It can also be a little of A and a little of B.
The only thing really clear is they don't seem to have done this for money, though, who knows if they have another angle. Maybe they are contacting individuals who look like they might be able to afford to keep their info out of the dump? I bet you there are more than a few who would pay up.
But remember, we live in a world where people actually say things like "If I find he is sleeping with someone else I am going to beat her bloody"....like the third party is the one who did wrong. These are matters that evoke passions that, for many people, shine far brighter than ethics and reason.
Its so much easier when they just demand a ransom or something. Who benefits from the site shutdown? Even a rival site would likely see reputational fallout from this. In fact, the only parties I can think of who really would benefit here are divorce lawyers and the traditional dating sites who may see a slight bump, but its hard to see how they would see this as worth it when there is so much competition for desperation already.
Re: (Score:3)
Re:nothing new under the sun (Score:5, Insightful)
I'd be really surprised if the actual hacker(s) really had any moral stance one way or another. My money would be be on just pure financial greed. They see AM and it's customers as a paycheck. They see AM as a source of money and are applying pressure directly on them to pay up and/or shut down. They also pressure subscribers to pressure AM from the other side to pay up to not reveal their information.
In the end I think it will be a loss for the hackers and customers. The hackers aren't going to get their money. AM takes a PR hit but doesn't really care because they already run a website for people with questionable ethics/morality. Customers info might get released, but for the 3 people that are actually real, married, and their partner doesn't already know, the shit might hit the fan. For everyone else, no one cares. And if you're a paying subscriber to a cheating website with your own real information, you're already a fucking idiot and get what you deserve for being a dumbass.
Re: (Score:3)
I don't see any requests for money, so who is going to pay the hackers?
Individual customers certainly won't.
AM certainly wouldn't.
The hackers just want the site to shut down.
Re:nothing new under the sun (Score:5, Insightful)
I don't see any requests for money, so who is going to pay the hackers?
Individual customers certainly won't.
Dunno - one good spearphishing campaign based on the personal info gathered from the hack would probably garner quite a bit of money... and none of us would ever hear about it. The public announcements would only add to the credibility of the blackmail threats.
Re:nothing new under the sun (Score:4, Insightful)
Actually, you're underestimating the impact. The information you have on AM would be perfect for blackmail. And I'm sure you can find some rather large and high-powered people to whom the release of information like that could be deadly - either professionally or politically.
You might think everyone having an affair is doing so with their spouse's full knowledge, but that's unlikely to be the case. I'm sure a tiny percent of those are in open marriages, and maybe a slightly larger proportion are doing so with the spouse's knowledge.
AM is not for people "dating" or "looking for a companion" - they're specifically for people already in a marriage to commit adultery. And this isn't the sort of "let's just get a prostitute" thing either.
So yes, the release of information is potentially devastating, and a good proportion of those marriages will end in divorce, while the others will probably end up with said spouse being a slave.
There may be no money request now, but I'm sure once the offer to shut down is refused, the hackers will be contacting everyone one of those 37M people and asking them for say, $10/month to keep quiet. Not too much to bother police about, see, but enough for a large and steady income.
And yes, the amount is important - ask for too much and the "punishment" for revealing you're an adulterer is probably not as bad. Make it a small amount and most people will just pay for the silence.
Heck, even the hint of a potential affair will drive some marriages on the rocks. Even if there was no one night fling - just having your spouse know you were looking puts you in the doghouse of distrust. (And no, this isn't gender specific - men AND women who were cheated on are equally vindictive to their partners).
I know when I first saw the ads on TV (regular mainstream TV, I know AM has been around a long time, but their profile has been quite low), I knew they would be a perfect hacking target.
Re: (Score:3)
3. The hackers posted a graphic that explained their motivation and you didn't read it.
http://securityaffairs.co/word... [securityaffairs.co]
The company running Ashley-Madison also runs sites that promote human trafficking.
Re:nothing new under the sun (Score:5, Funny)
There ought to be some societal reward for all of us married folk who take our vows seriously, even if that reward comes in the form of a Nelson laugh at the cheaters' expense.
HA ha /Nelson
Re: (Score:2)
There already is one. Tax rebates.
Us unmarried folks get to fuck anyone we want, you marrieds get to keep your money and the married ones that want both have to accept the risk.
Sounds pretty fair already to me.
Re:nothing new under the sun (Score:5, Insightful)
Re: (Score:3)
This assumes people ever approach the ability to retire again.
Gone are the days of retiring with a pension to someplace warm, never to work again.
Welcome to the days of concentration of wealth and the need for perpetual employment, but combined with the "joys" of outsourcing, offshoring, reduction of pensions and uncertain future employment.
Re:nothing new under the sun (Score:5, Funny)
you marrieds get to keep your money
They get those cool minivans too.
Re:nothing new under the sun (Score:5, Insightful)
Standard deduction, single: $6300
Standard deduction, married filing jointly: $12600
The only tax break you get is if your wife is a stay-at-home mom where you can double your tax deduction. Of course, then she runs the risk of losing all her credits etc from having no income.
You get those breaks as a single parent too.
Re:nothing new under the sun (Score:5, Insightful)
It is called NOT losing half your shit you own for getting caught playing in someone else's panties.
Worse, you still might lose your shit because your wife let someone else play in her panties, and then continue paying for them to fuck in your house. Seriously, marriage is a terrible deal. One of my older friends had to pay his wife half of his retirement from the Army because they were married for ten years. It's not like she was deployed or actually did anything.
Re: (Score:2)
Interesting choice of name, though: The Impact Team (TIT). What were they thing of?
Re: (Score:2)
Interesting choice of name, though: The Impact Team (TIT). What were they thing of?
Breasts obviously!
Re:nothing new under the sun (Score:5, Interesting)
Re:nothing new under the sun (Score:5, Interesting)
It costs $15 and their data doesn't even get deleted...a scam that has netted $1.7M for ALM
In that case, AM might be liable for damages if someone paid to have the information deleted and it turns out it wasn't and then later gets stolen and released causing damage to the account holder. IANAL, but it would seem they would have at least an expectation the data was deleted, paid a consideration for AM to take a certain action (deleting information) in exchange, failed to do so as promised and as a result some suffered damages. While there is probably some T&C fine print that attempts to absolve them of all responsibility I would argue they were negligent in not deleting the data and safeguarding their systems and thus still liable. Given they are looking at IPO money they would have deep pockets for a class action suit.
Re: (Score:2, Interesting)
People likely to have an affair will do so with or without a website...
The site delays the inevitable discovery by their spouse, thereby increasing the damaged caused by the dishonesty. Anything that destroys truth is evil. Period. This site and the people that use it are disgusting.
Re:nothing new under the sun (Score:5, Insightful)
Ironic thing is, unless one's spouse or significant-other has really, REALLY let themselves go, the grass really isn't greener on the other side. The other person might appeal because they're new, but it's usually because they're new and the shiny luster hasn't been worn off through familiarity, and once that familiarity is well and truly established the new person isn't any better than the previous one, and could actually be worse.
Re:nothing new under the sun (Score:5, Insightful)
It's simple. Living with someone exposes their flaws. It's hard to see the flaws in people you don't live with. Less flaws = more attractive.
But the fact of the matter is, you should live up to your obligations. Sometimes you make bad choices in life... sometimes they are so bad that it affects the rest of your life... you end up missing an arm, or in prison, or married to a drunk. You've got to live with your choices, and do your best improve the situation. But lies, and dishonesty are not the way. Don't like your wife? Go to counseling, work it out with her... if all else fails, be honest with her and get a divorce, then start dating.
What exactly is the person that's visiting a site like this doing? It's pure, 100% evil. There is nothing good that comes of cheating. You're exposing your wife and children to all sorts of danger and instability. STDs, scorned women... God only knows. You're further harming your marriage with distrust and dishonesty. Infidelity is the ultimate selfish act, and it's at the expense of the people that are the closest to you. There are few other acts that even remotely compare in their depravity, and self interest.
It's not the cheating... it's the lying... and why you're lying. You're causing your spouse ultimate pain, for basically nothing. And you could avoid all of that with a few months of heart ache and once court appearance.
Re: (Score:3)
Hear Hear!
There is exactly once in my life that I have been actually morally offended by a commercial and it's theirs.
Re: (Score:3)
It's pure, 100% evil.
You set a pretty low bar for evil in a world where there are ISIL, paedophiles, genocides, rapists, murderers and Donald Trump.
Re: (Score:3)
1) Limits the spread of sever incurable life altering diseases
2) Two adults provides a far more reliable and economically secure situation for raising children
3) Polyamory aside, most humans are jealous creatures and adultery and cheating in general frequently incite violence
Other than that no society really has no good reasons. Do you know what society is? Have you spent much time around other humans?
Re: (Score:3)
1) Limits the spread of sever incurable life altering diseases
Polyamorous != promiscuous. Today's "monogamous" Americans seem to be doing a great job spreading diseases around with their "monogamous" ways (which of course involves a lot of cheating).
2) Two adults provides a far more reliable and economically secure situation for raising children
Three or more adults provide an even more reliable and economically secure situation for raising children. With only two adults with one working, when the breadwin
Re:nothing new under the sun (Score:4, Interesting)
If we wanted to swing or do it with other people, both me and my wife would simply sign up on AM or a similar site, with full knowledge of each other. Perhaps most people "cheat" without their spouses knowing about it? I thought the whole point of rational adults being married was that they talked and shit? Sigh.
Re: (Score:2)
What percentage wouldn't have had an affair if not encouraged by seductive advertising or given the opportunity to meet someone online rather than having to trawl bars or date people they know where the risk of discovery is higher?
I have no idea, but for these sites to be making money the answer must >0%.
Re:nothing new under the sun (Score:5, Interesting)
People likely to have an affair will do so with or without a website...
Your comment ignores the nature of temptation. These websites have a corrupting influence on those who are not likely to have an affair. They catch the idly curious and change "I wonder what it would be like?" to "That person is available to me." and tempt those who would not be inclined and push them to take action.
Re:nothing new under the sun (Score:5, Insightful)
and chocolate bars in the checkout lanes at grocery stores tempt people who otherwise managed to avoid the snack aisle. blaming temptation for your failings is a cowardly excuse. own your decisions.
Good thing I used CmdrTaco's info (Score:5, Funny)
when I signed for ashleymadison.com
Re:Good thing I used CmdrTaco's info (Score:5, Informative)
Re: (Score:2)
Still don't approve of the hackers, but I have a lot less sympathy for the company, if this is true
Re: (Score:2)
Re: (Score:2)
I would guess that they have to keep some records for some period of time, for the IRS, for PCI compliance, etc.
But not on the online data base connected to the site!
And paper records would be good enough anyway.
Re: (Score:2)
Not only legal to delete the transactions from their online site, but if they were following PCI, required after a certain point.
They could certainly have kept all of that for a longer period in their accounting system, but it is not clear to me that this is what was hacked, as that should have been a non-public system.
Also, all PII and cardholder data should be encrypted, so either ALM didn't encrypt the data, used shit encryption, or there was an insider. Knowing many companies, any of the three is a lik
Re: (Score:2)
Point of order: PCI compliance demands that you do *not* store customer CC data unless absolutely necessary [pcisecuritystandards.org] (mind the PDF, Henry).
On the other hand, the company is based in Canada, and I'm not sure what their data retention laws may entail. Since the company is pre-IPO, they may have aligned their policies to the Canadian equivalent of SOX (if they have one), but otherwise I don't see much demand to store the CC info for any legit business purpose.
Re:Good thing I used CmdrTaco's info (Score:5, Informative)
Given that it's rather easy to use a credit card with an assumed name, and also a fake billing address submitted while paying, I really don't see why the people who wanted to stay discreet/anonymous didn't do so.
In case anyone wanted to know how to do it, at least in the U.S. it's rather trivial:
1. Add an authorized user on your credit card account. The name can be fake. You'll get a card for that user.
2. Add a throwaway billing burner phone number on your account. Can be a $5 Tracfone from Walmart. This is optional only if the billing processor demands a phone number.
3. When registering/paying for AM, use the fake authorized user's card, and enter your address with a wrong name of the street. The ZIP and house number must match, the street name doesn't have to. The phone number should be the burner phone.
If the hackers get your data, all they have dirt on is a fictional character. This is 21st century, I thought every guy who knows how to use a bank account and a computer would know this shit?
Go ahead (Score:5, Interesting)
Re:Go ahead (Score:5, Insightful)
I get the feeling most of the profiles are fake anyway to pull in gullible males.
Never give in to blackmail.
Even better yet: Make every effort to be loyal to your spouse. If you fail, repent, hope for forgiveness, and try harder next time. Flee from all forms of temptation to do evil.
Easier said than done, to be sure.
Re:Go ahead (Score:5, Funny)
As a married man, the last thing I'd want in my life would be another woman. I can barely handle the one I have!
I tell my wife, if she's going to have an affair, at least make sure they guy is rich.
Re:Go ahead (Score:5, Funny)
I'm much more reasonable. I tell my wife that if she's going to have an affair, at least make sure the guy plays Sonic & All-Stars Racing so I have someone to play split-screen with.
Re:Go ahead (Score:5, Funny)
I'm much more reasonable. I tell my wife that if she's going to have an affair ... so I have someone to play split-screen with.
Is that some kind of euphemism?
Re:Go ahead (Score:4, Funny)
I tell my wife, if she's going to have an affair, at least make sure they guy is rich.
I'd be disappointed if my wife screwed around behind my back. She knows I like to watch!
Re:Go ahead (Score:5, Informative)
As a married man, the last thing I'd want in my life would be another woman. I can barely handle the one I have!
That's why -as the joke goes- an engineer should have a wife and a mistress. Both of them will assume you're spending time with the other, and during that time you can go to the lab and get soms work done.
Re: (Score:3, Insightful)
Easier said than done, to be sure.
Pro Tip: Make the decision not to cheat before you begin any relationship. Once in a relationship, learn to not let your eyes wander.
Re:Go ahead (Score:5, Insightful)
This, right here.
It's not that hard to keep yourself in check, gents. You either love your S/O or you do not. If you do, you will do your level best to remain faithful. ...besides, most of you schmucks are geeks - if you found someone that actually puts up with our little quirks and habits and loves our kind in spite of ourselves, why would you screw that up?
Re:Go ahead (Score:5, Insightful)
Or perhaps learn to be in a relationship that is built on trust and not on preventing eyes from wandering. I've been married for 15 years and my wife has no problems with me letting my eyes wander because she knows at the end of the day, I still always wander home to her in our bed, and no one else's.
Re: (Score:2)
Or know when to call it a day and end the relationship mutually, before it gets bad enough to warrant a divorce.
Re: (Score:2)
Honestly I've known of two marriages that ended even without claims of sexual infidelity and neither was terribly happy. In one case they were poor enough to where there wasn't much to fight about and in the other case both parties were smart enough to divide assets without a whole lot of fighting knowing that it would cost more in lawyer fees than the items being fought-over would cost. in the latter case it also helpe
Re: (Score:2)
Even better yet....don't get married at all, unless you are planning to have children.
If you're not wanting to have kids, then there is no real reason to get married. This way, you don't lose half your shit with you "upgrade" to a new and better mate periodically. No need for repent and forgiveness....
Re: (Score:3)
Even better yet: Make every effort to be loyal to your spouse. If you fail, repent, hope for forgiveness, and try harder next time. Flee from all forms of temptation to do evil.
I suspect that's what goes through Ben Affleck's mind every time he starts a new movie. "This time it will be different," he tells himself.
Re: (Score:3)
Re: (Score:2)
The names, addresses and credit card numbers (since it's a pay site) must be real.
I think a name is pretty easy to fake. Last time I checked, PO Boxes can be had for a very small fee (or once could even put a false address in.....what correspondence would a person want to receive via US mail from that site at their home?), and as for the Credit Card, once could just get a prepaid Visa Debit Card, load it with funds, and use that to pay.
Voila! Privacy secured.
If someone truly gets caught because of this, they weren't being careful. Now, I want to be clear here, I am absolut
Re: (Score:2)
Again, its not the "dating profile" that matters, but the membership in the site. You need real details for the financial transactions.
(Yeah, they could use bitcoin, but this isn't a geek site, they'd just use their AmeX.)
Re: (Score:2)
Just get a prepaid Visa Debit card from the rack at Walgreen's or Wal-Mart, or CVS, or Rite Aid, or Family Dollar, or wherever. Pay for it as if it were a "gift card" and load it with however much money you need on it. Then use that card to pay for your membership. Poof! Financial transaction with no paper trail (unless someone really wants to go through and find out where the card was purchased, and if you're that paranoid, just pay cash).
First thing I thought of (Score:5, Insightful)
Re:First thing I thought of (Score:5, Interesting)
>> this is a prime target for a hacking/blackmail scheme
My first thought was that the entire point of the site was to BE a blackmail scheme.
Re:First thing I thought of (Score:5, Funny)
1) Set up a site for cheaters
2) Charge a subscription fee
3) Profit!
4) Accidentally leave some live shells open and ipkvm with a super weak password or easy vuln on a high port
5) Let 4 slip to cousin Jimmy at the family reunion if he will split the take
6) Confirm to the press the hack to place so black mail victims will take Jimmy seriously.
7) Profit! some more
See there is isn't even a ?? step and two Profit! steps!
Re: (Score:2)
Re: (Score:3)
Maybe this is the first step of the grand monetization scheme...
ALM can now start a Kickstarter: "if we receive $20,000,000 we will invest the full efforts of our company into a rockclimbing website and immediately shut down all other websites including X, Y, Z and delete all user data."
The third step would be the hacker provides explicit endorsement of this scheme "as a means to an end" after the Kickstarter begins.
Because of the power-law value of customer information (many fake, some disguised, few real,
Re:First thing I thought of (Score:5, Funny)
this is a prime target for a hacking/blackmail scheme
My first thought was that the entire point of the site was to BE a blackmail scheme.
it was a blackmail scheme but now those rotten hackers have ruined it for me!
Re: (Score:2)
Correct. From the article: "In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee."
Re:First thing I thought of (Score:5, Interesting)
The first thing that came to mind when I heard of this site is "This is a prime target for a hacking/blackmail scheme." The only surprise here is that it didn't happen sooner.
As someone who has data in there (out of curiosity), it couldn't have happened to better people. The people that run AshleyMadison are worse than the lowest spammers. Not because they sanction marital cheating, but because they are exceedingly scammy in every aspect of the way they operate their business. They make Paypal and Stamps.com look like saints.
Does this qualify... (Score:5, Interesting)
...as revenge porn?
Re: (Score:2)
Great News! (Score:5, Funny)
Now I'll get my listing circulated without paying a renewal fee!
Here's Google's cache (Score:5, Informative)
Even it seems to be getting the shit pounded out of it.
cache [googleusercontent.com]
archive.org's just goes back to the original, the original never worked for me and the rest are taking a long long time to load.
Vigilantes of Morality (Score:5, Interesting)
Re: (Score:2)
Re:Vigilantes of Morality (Score:5, Insightful)
I know! I hate everything the website in question stands for and I find the idea of breaking the law to shut them down reprehensible. How to choose sides?
You apparently never played D&D. "Alignment" in D&D is actually a fairly ingenious way of looking at belief systems: https://en.wikipedia.org/wiki/... [wikipedia.org]
This site was Lawful Evil.
The hackers were Chaotic Good. (well I guess we don't really know do we?)
You're apparently Lawful Good, so you're conflicted. The site breaks the "Good" part of your personality, but the hackers break the "Lawful" part.
I'm probably Chaotic good... So this seems legit to me.
Re: (Score:3, Insightful)
Anyone who thinks real-world ethics and morality can fit into D&D's neat little boxes of "alignment" clearly made INT their dump stat.
Re: (Score:3)
You must be a Ranger, and the OP a Paladin.
Me, I'm just a fighter, neutral and available as a mercenary (in case anyone's hiring)
Credit protection (Score:4, Funny)
Comment removed (Score:5, Funny)
Here's the article text (it's slashdotted) (Score:4, Informative)
Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is “Life is short. Have an affair.”
The data released by the hacker or hackers — which self-identify as The Impact Team — includes sensitive internal data stolen from Avid Life Media (ALM), the Toronto-based firm that owns AshleyMadison as well as related hookup sites Cougar Life and Established Men.
Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman confirmed the hack, and said the company was “working diligently and feverishly” to take down ALM’s intellectual property. Indeed, in the short span of 30 minutes between that brief interview and the publication of this story, several of the Impact Team’s Web links were no longer responding.
“We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”
Besides snippets of account data apparently sampled at random from among some 40 million users across ALM’s trio of properties, the hackers leaked maps of internal company servers, employee network account information, company bank account data and salary information.
The compromise comes less than two months after intruders stole and leaked online user data on millions of accounts from hookup site AdultFriendFinder.
In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.
According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
Their demands continue:
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”
A snippet of the message left behind by the Impact Team.
It’s unclear how much of the AshleyMadison user account data has been posted online. For now, it appears the hackers have published a relatively small percentage of AshleyMadison user account data and are planning to publish more for each day the company stays online.
“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
ALM CEO Biderman declined to discuss specifics of the company’s investigation, which he characterized as ongoing and fast-moving. But he did suggest that the incident may have been the work
Welcome to the new "criminal justice" (Score:5, Interesting)
Full disclosure: I'm not defending this company for what it does.
For those of you who were tired of the old criminal justice system, be careful what you wish for. To these hackers and many other people, the fact that this company is not illegal in the eyes of the old criminal justice system is irrelevant. To these hackers, it is amoral. These hackers have decided unilaterally what morality is, who is guilty, and how punishment will be executed. Publicly destroying people and businesses that somehow offend somebody else is now the new normal. The old system of justice won't protect you anymore because even if the old system catches these hackers, the damage will be done and can't be undone.
Re:Welcome to the new "criminal justice" (Score:4, Interesting)
Think about in the office. In times past your boss couldn't monitor you 100% of the day, and unless you really abused things, it was safe to spend a few extra minutes chatting at the water cooler about last night's TV. Now your computer can flag you the instant you step away for more than your allotted two minute bathroom break, and alert your boss.
Or take speeding, for instance. While it's illegal, something like 99%+ of drivers are going to exceed the speed limit by 1 to 5 mph on any given day. Our speed limits are to a certain degree calculated with that in mind. Do we want to have our locations monitored 24/7 to calculate if we violated them?
Personally, I don't think people should be cheating, but it's not my place to judge them, nor do I want to see it exposed like this.
Will this be a wake up call about Facebook etc.? (Score:5, Insightful)
I'm not happy this is happening, but I do hope that when things like this happen it makes people think critically about putting their private lives and their means of communication on other peoples servers (i.e. "the cloud").
It's folly to think that 37 million Facebook accounts, with all their private messages and chats, won't be the next.
Re: (Score:2)
So it's a no-brainer for Ashley Madison (Score:2)
Keep the site up and running, and RISK going out of business.
- or -
Go out of business and actually go out of business.
I wonder; what choice is a predatory, opportunistic venture bound to take?
More interesting is the security, and Cicada. (Score:2)
Krebs is overloaded by train-wreck picnickers [googleusercontent.com]
Noel Biderman CEO [wikipedia.org] of How Low Can We Go, trading as Avid Media.
Some of his demonstrably patent bullshit [prnewswire.com] about their security.
"We have always had the confidentiality of our customers' information foremost in our minds, and have had stringent security measures in place".
Um, encryption - have you heard of it? And PCI - yeah, right, a bus protocol.
The "security" fail [cycura.com] company - they would have done better employing CyCura® the "binary ex-situ bioremediation s
Divorce Lawyers rejoice (Score:5, Insightful)
They just had 74 million prospective clients show up on their doorstep.
Re: (Score:2)
To be honest? The act is criminal, but if the affected want sympathy? They can find it in the dictionary between "shit" and "syphilis".
Re: (Score:2)
Yeah, but would you pay to get a delete from a criminal organization when the supposedly legit operation failed to do so? It is true that some of these criminal organizations have been known to have good "customer service" since their business model relies on someone actually trusting them to do what they say they are going to do, but it's still a huge gamble.
If I were one of those folks, I'd start rehearsing how I'd break it to my wife. That and/or start looking into divorce lawyers. Not doing anything
Teenagers (Score:2)
Everything is black and white to them, no shades of grey. They don't really understand the more complex levels of human nature and morality and try to fit it into their rather restricted mental box along with the typical teenage arrogance that makes them assume they're right about everything and everyone else is wrong.
Re: (Score:2)
The God damned Batman! ...
Just vigilantism.
Re: (Score:3)
No, it's easy for married men to cheat. It's easier than getting laid when you're single.
one sizable study found 90 percent of single women were interested in a man who they believed was taken, while a mere 59 percent wanted him when told he was single.
https://www.psychologytoday.co... [psychologytoday.com]