Toronto hackers threatened to leak details including the credit card information, nude photos and sexual fantasies of as many as 37 million customers of a dating website that caters to cheating spouses, the KrebsOnSecurity blog reported.
The dating website AshleyMadison.com’s Canadian parent, Avid Life Media, confirmed the breach on its systems, and said it had since secured the site and was working with law enforcement agencies to trace those behind the attack.
It disputed a claim made by the hackers, who call themselves The Impact Team, that a “paid delete” function will not remove all information about a member’s profile and communications. Following the breach, Avid Life said in a statement it would offer the function free of charge.
Company officials could not immediately be reached for comment. But in an interview with KrebsOnSecurity, Avid Life CEO Noel Biderman was cited as saying the company suspected someone who had had access to internal networks as being behind the breach.
“It was definitely a person here that was not an employee but certainly had touched our technical services,” he said.
The Impact Team, in a screen grab shown on the KrebsOnSecurity blog, said it had taken over Avid Media systems, including customer databases, source code, financial records and emails.
“Shutting down AM (Ashley Madison) and EM (Established Men) will cost you, but non-compliance will cost you more,” the hackers said. Established Men is an affiliated website.
The hackers leaked snippets of the compromised data online and warned that they would release customers’ real names, profiles, nude photos, credit card details and “secret sexual fantasies” unless AshleyMadison and EstablishedMen.com are taken down, Krebs said.
Ashley Madison, which uses the slogan “Life is short. Have an affair”, has been planning to raise up to $200m through an initial public offering on the London Stock Exchange.
“We apologise for this unprovoked and criminal intrusion into our customers’ information,” Avid Life said.
Unauthorised posts and images on the website detailing the hacker’s demands have since been removed.
The breach comes about two months after dating site Adult FriendFinder was compromised. That site has an estimated 64 million members.