It is every cheater’s worst nightmare – getting caught with their hand in the cookie jar. A group of cyber hackers, who go by the name of The Impact Team, claimed to have compromised the Ashley Madison user databases, financial records as well as other proprietary information. The cyber hack, which is still unfolding, could be quite damaging to 37 million users/cheaters who use the hook-up service, whose slogan is “Life is short. Have an affair.”
AshleyMadison.com’s, owned by Toronto based company Avid Life Media, sensitive internal data was not the only thing that was stolen. Cougar Life and Established Men dating sites were also hacked into and their internal data were compromised.
“We’re not denying this happened,” Noel Biderman, CEO of Avid Life Media, said. “Like us or not, this is still a criminal act.”
In a public statement the company also stated “We apologize for this unprovoked and criminal intrusion into our customers’ information. We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place.”
The compromise comes just less than 2 months after cyber thieves stole and leaked online user data on millions of accounts from dating site AdultFriendFinder.com. At least the site was not for cheaters.
The Purpose of the Cyber Attacks
In a lengthy post published alongside the stolen ALM data, The Impact Team said it decided to publish the information in retaliation to the alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.
According to the cyber thieves, although the “full delete” feature that AshleyMadison.com advertisers promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t fully deleted.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed,” The hackers stated in the manifesto.
It is still uncertain how much of the sensitive data has been posted for the entire cyber world to see. For now, it appears the hackers have published a relatively small percentage of AshleyMadison user account data and are planning to showcase more for each day the company stays online.
A Case of Cyberterrorism?
Avid Life Media calls the attack an “act of cyberterrorism” and vows to hold those behind the hack responsible for their actions.
According to NATO’s definition, cyberterrorism can be defined as “a cyber attack using or exploiting computer or communication networks to cause sufficient destruction to generate fear or intimidate a society into an ideological goal.” Whilst the attacks are not political motivated, it has caused major disruption to the online dating community and has used fear and intimidation to get people to stop using a service or for a service to cease to exist. They have even threatened to wreck more havoc if their demands are not met; similar to what we see in real terrorism.
I would not go as far to call this attack an act of cyber terrorism just yet as there are no political motivations; it is a cyber crime though. These individuals are not happy with the service or the terms and conditions that are attached to it. They are showing an “unorthodox” approach to expressing their concerns.
I would term this a “PR disaster or nightmare” for AshleyMadison.com itself. They failed to keep their user information safe and now they will pay the price for it with the number of users exiting their service in the next few months. Instead of focusing on the “cyber terrorists” and catching them, they should focus on making sure this does not happen again and ensuring that their customers feel safe using their services.
Hire a PR company, specializing in Online Reputation Management, is my recommendation.
August 18, 2015 Update
HACKERS WHO STOLE sensitive customer information from the cheating site AshleyMadison.com have made good on their threat. A data dump, 9.7 gigabytes in size, was posted today on the web using an Onion address and is accessible only through the Tor browser. The files appear to include account details and log-ins for some 32 million users of the social networking site. 7 years worth of credit card and other payment transaction details are also part of the dump, dating back to 2007. The data, which amounts to millions of payment transactions, includes names, street address, email address and amount paid.