Ashley Madison Hacked: Information on Millions of Affair Website Users Could Be Released

By Mark Rollins
The Ashley Madison site has been hacked.
Information might not be as secure as the website says. Ashley Madison/Bloomberg

Ashley Madison is a website owned by Avid Life Media, Inc. a Toronto company, which has as its tagline:  "Life is short, have an affair".  Ashley Madison is a dating website set up for married people or those who are involved in a committed relationship, specifically so the user can seek out someone that he or she is not committed to.  The users of this site value their privacy, but this became an issue as AshleyMadison.com has been hacked. 

According to Bloomberg Business, the site's hacking will potentially expose names, addresses, and sexual preferences of millions of would-be cheaters just as the site's owner was going to go public.  The site was hacked by someone or a group identifying as The Impact Team. 

The Impact Team has put a message right on the site saying that "we have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails".  They also claim that they are motivated by the fact that Avid Life Media runs Established Men (a prostitution/human trafficking website for the rich men to pay for sex), Cougar Life (a dating website for "cougars"), Man Crunch (a site for gay dating), Swappernet (for swingers), and The Big and the Beautiful (for overweight dating).  The hacker or hackers say that they will "release all customer records, profiles with all the customers' secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names, and address". 

CNET states that a Security blogger Brian Krebs, who revealed this hack, states that The Impact Team took issue with an Ashley Madison feature that allows customers to only fully delete their data if they pay a $20 fee.  The hacking party believes that Avid Life Media does not delete these records, but keeps it for some reason. 

Avid Life Media issued a public statement apologizing for the breach.  According to TMZ, the company has secured their websites and are working with law enforcement to nab the culprits.  The security holes have been closed and the hacker's message has been erased from Ashley Madison's homepage.  I tried to confirm this by looking on the website at www.ashleymadison.com, but my virus protection software said that "This Connection is Untrusted". 

The Electric Frontier Foundation has critiqued several dating sites a few years ago, and Ashley Madison, along with other dating sites, had questionable privacy and security practices.  A security expert named Graham Cluley has stated that users of dating sites can protect themselves using a burner email address and not a personal one or one that identifies the user's place of work.  The big risk comes when using a credit card on the site because your name and address might not be protected well. 

Rik Turner, an analyst at technology researcher Ovum in London, has stated that the hackers could have transferred the data they stole from Avid Life Media elsewhere.  This means that this information obtained from Ashley Madison could appear public virtually anywhere.