Ashley Madison, a dating website created for relationship cheating, has had its entire 37-million user database seized by hackers – including their names, sexual proclivities and even private messages.
“The Impact Team”, as the hacking group calls itself, is demanding that Avid Life Media, which owns Ashley Madison, takes the entire site offline, or the potentially sordid details will be made public.
Having already released a small data-set as proof of its attack and its intent to expose it, The Impact Team claims that the data it holds includes “sexual fantasies, nude pictures”, credit card transactions, real names and addresses, and even the contents of private conversations users have had between themselves.
Avid Life Media also runs Established Men, another dating site that says it “connects ambitious and attractive girls with successful and generous benefactors to fulfil their lifestyle needs”, but which The Impact Team call “a prostitution/human trafficking website for rich men to pay for sex”.
The Impact Team, addressing Avid Life Media directly in a message that accompanies the leaked data, claims that “shutting down [AshleyMadison] and [Established Men] will cost you, but non-compliance will cost you more”, before threatening to release everything.
“Avid Life Media will be liable for fraud and extreme harm to millions of users,” the message continues.
Addressing Trevor Skyes, Avid Life Media’s chief technology officer, the message reminds readers that Sykes once said “protection of personal information” was one of his biggest “critical success factors” and that he’d hate to see a leak.
“Well Trevor, welcome to your worst fucking nightmare” boasts the hacking group.
Avid Life’s CEO Noel Biderman has described an inquiry that is already moving fast, and which already seems to point to a single person with inside access to networks, such as a former or even present contractor.
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” said Biderman.
“I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee, but certainly had touched our technical services.”