Dating Website Admits Hackers Have Stolen Data on Millions

1-ashleymadiso.png

The company behind Ashley Madison, a popular online dating service marketed to people trying to cheat on their spouses, said on Monday that the site had been breached by hackers who may have obtained personal data about the service’s millions of members.

The group of hackers behind the attack, going by the name Impact Team, said they had stolen information on the 37 million members of Ashley Madison. To prevent the data from being released, the hackers said, the company needed to shut down the site entirely.

The hackers promised to release the real names, passwords and financial transactions of members if Ashley Madison did not meet that demand. The hackers have leaked some information online already, but that data did not appear to be the bulk of what was collected.

The corporate parent of Ashley Madison, Avid Life Media, said on Monday that it had adjusted its policy for deleting user data, an apparent complaint of the hackers, but the company gave no indication that it planned to close the site.
“We immediately launched a thorough investigation,” the company said, “utilizing leading forensics experts and other security professionals to determine the origin, nature and scope of this incident.”
While nearly every dating website ends up facilitating its fair share of cheaters, Ashley Madison, based in Toronto, has made a name for itself by specifically catering to two-timers.

That business niche has angered not only some consumers, but other companies as well. Football stadiums and soccer teams have turned down sponsorship offers. Both NBC and FOX, after being approached about broadcasting Super Bowl spots, have rebuffed the website.

Nevertheless, since 2001, Ashley Madison has steadily grown to 37 million accounts, according to a figure advertised on the front page of the website. Anyone 18 or older can join the free site discreetly, using a pseudonym. There, the users can list turn-ons and sexual preferences. Only once users start chatting and trading photos do they begin racking up fees — along with, potentially, some marital guilt.

The site has long told users that they can scrub their profiles from the site for $19. But the Hackers say that the user information is never actually deleted — knowledge, security experts said, that suggested the breach may have involved someone inside the company.

Ashley Madison said that when users delete accounts, all information is erased. Still, on Monday, the website waived its deletion fee for all members. The breach, and the hackers complaints about the data policy, was first reported on Sunday by Brian Krebs, a reporter who covers online security.

Noel Biderman, chief executive of Avid Life Media, told Mr. Krebs that the hacker “was definitely a person here that was not an employee but certainly had touched our technical services.” The company would not respond to additional questions about who was behind the breach. The hacking is one in a string aimed at corporations, such as one against Sony in 2014 and another against Target the year before — a trend that security experts say is growing. In May, the sexual preferences of users of AdultFriendFinder, another dating website, were leaked online after a breach.
“I think we’re going to see more of it as people see how effective it is,” said Bruce Schneier, chief technology officer for Resilient Systems, a security company, said of the Ashley Madison breach.

The breach comes at an inopportune time for Avid Life Media, which had expressed interest in pursuing an initial public offering this year. The company owns two other popular sites, Cougar Life and Established Men, that the hackers also breached.

For any dating website, much less one meant for extramarital romance, to continue to grow and be attractive to potential investors, consumers must be confident that their data will be protected. Under American copyright law, Ashley Madison has the power to scrub away private user information leaked in the breach and posted to other websites. On Monday, the company said that it had been doing just that to protect the identities of those who have used Ashley Madison. But that may be a race that it cannot win. Paul Ferguson, senior adviser for Trend Micro, a security software provider, said that information on Ashley Madison, deleted in one online forum, is beginning to bubble up in others.

“Once something is published on the Internet,” he said, “it’s there forever.”
That persistence has some marriage counselors predicting a boom in business — even if names end up unpublished.

“Oh, it’ll be a huge uptick,” said M. Gary Neuman, a marriage counselor in Miami Beach, Fla. and author of “The Truth about Cheating.” “Just the news getting out will have some spouses asking each other, ‘Are you one of the ones using this website?’ ”
NYT:

 

« Delivered: America’s Drone Debut
Hundreds of Thousands' of Vehicles At risk of Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Get Cyber Safe

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to educate Canadians about Internet security and the simple steps they can take to protect themselves online.

Leibniz-Rechenzentrum (LRZ)

Leibniz-Rechenzentrum (LRZ)

The LRZ supports ground-breaking research and teaching in a wide range of scientific disciplines including information security and data protection.

Arthur J Gallagher & Co

Arthur J Gallagher & Co

Arthur J. Gallagher & Co. is a global insurance brokerage and risk management services firm. Services include Cyber Liability insurance.

Security University

Security University

Security University is a leading provider of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

SkillCube

SkillCube

SkillCube is one of the pioneers in India focusing on Cyber Security Skill Development Solutions.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Industrial Defender

Industrial Defender

Committed to ICS Cybersecurity. Industrial Defender provides a fully automated solution to discover, track and report on assets across your ICS footprint.

CICRA Consultancies

CICRA Consultancies

Cicra Consultancies is a company that specializes in cyber security. Our major activities are guided by three main principles: Prevent, Investigate, Prosecute.

Kiteworks

Kiteworks

Kiteworks (formerly Accellion) creates a dedicated Private Content Network that ensures zero-trust private content protection and compliance.

Zorus

Zorus

Zorus provides best-in-class cybersecurity products to MSP partners to help them grow their business and protect their clients.

IPKeys Cyber Partners

IPKeys Cyber Partners

IPKeys Cyber Partners, together with the IPKeys Power Partners unit, provide Cyber Security and CIP Compliance for utilities, grid operators and public safety organization across the USA.

Supra ITS

Supra ITS

Supra ITS is a leading full-service technology partner offering IT Consulting, Cloud Services, 24x7 Managed IT & Cybersecurity Services, and IT Project Support.

Security Risk Advisors (SRA)

Security Risk Advisors (SRA)

Security Risk Advisors deliver cybersecurity services to leading companies in the Financial Services, Healthcare, Pharmaceuticals, Technology and Retail industries.

Instil Software

Instil Software

Instil helps technology brands transform, innovate and disrupt their markets with category-defining software products that challenge us to think, feel and act in new ways.

Stratsec

Stratsec

Stratsec is a global team of experts on a mission to protect human life, well-being and the environment against cyber-driven threats.