Few things in life are as private as our romantic entanglements. So with hackers announcing they’ve made off with as many as 37 million records from the parent company of extramarital dating site AshleyMadison.com, you can be sure there are plenty of people sweating over the potential fallout.
The group, which calls itself “The Impact Team,” released a statement on July 20 saying that it has gained access to the databases of Canada-based Avid Life Media, which runs Ashley Madison and other dating sites. The hackers said that if ALM does not comply with its demand to shut down services, it will release private information on its clientele. In addition to the notification, the group has also released a small portion of the data stolen as a demonstration of its intent.
In an interview with cybersecurity blogger Brian Krebs, Avid Life Media CEO Noel Bidderman, said that the company is investigating the breach, which he called “criminal” in nature. “We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
Avid Life Media’s services differ from traditional dating sites in that they target subsets of dating culture. Ashley Madison bills itself as a dating site for married people, using the tagline “Life is Short. Have an Affair,” to illustrate that point. The site EstablishedMen.com offers affluent males dating connections to younger women, but hackers charge that it is also used to facilitate prostitution and human trafficking.
Avid Life Media offers a “full delete” option designed to help users cover their tracks, a service they charge $19.99 for. However, the hacking group said that the service did little to protect information collected from users.
Impact Team wrote in the statement: “Full Delete netted Avid Life Media $1.7 [million] in revenue in 2014. It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
While Avid Life Media has not announced how it intends to react to the request, it is unlikely that they will shutter site operations. If hackers are successful in leaking Avid Life Media user information, legal action stemming from the breach is inevitable. That’s likely to include not only the standard class action against the breach victims, but probably an uptick in divorce filins as well.