UPDATED July 21 with news that Ashley Madison offered to delete member information at no cost.
Adulterers used to have to worry only about their spouses catching them in the act, or their clandestine lovers ratting them out. Now, thanks to a hack of the website of the adultery-facilitating service Ashley Madison, their digital paper trails may expose their extramarital desires. Ashley Madison bills itself as the "world's leading married dating service for discreet encounters," but the word "discreet" may need to be edited out.
The database intrusion, which was carried out by an individual or group going by the name The Impact Team, poached user data, financial records and other corporate information. The Ashley Madison site wasn't the only one breached, as the hackers also targeted the site's parent company, Toronto-based Avid Life Media (ALM), which also runs services called Cougar Life (for women seeking younger men) and Established Men (for men and women seeking sugar-daddy arrangements).
In a manifesto posted online alongside a snippet of the the stolen data, The Impact Team attacked Avid Media not for assisting infidelity, but for deceiving customers about the thoroughness of a paid data-scrubbing feature.
For only $19, ALM sold users a Full Delete service that was supposed to remove all traces of their account histories from their databases. According to independent security blogger Brian Krebs' KrebsOnSecurity website, which broke the story, The Impact Team's statement explained that the delete feature "netted ALM $1.7mm in revenue in 2014," and is "a complete lie."
Hacking Team claims that despite Full Delete, former Ashley Madison members can always be exposed, thanks to a simple and obvious problem: “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address."
The Impact Team's demands are both simple and blunt: "Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit-card transactions, real names and addresses, and employee documents and emails. The other websites may stay online."
AshleyMadison.com is still online at the time of publishing, so while Avid Life Media has apologized and assured users that it is "working with law enforcement agencies, which are investigating this criminal act," the exposure of customer data may very well happen.
We suggest those who have used their credit cards on ALM websites contact their credit card companies and ask that new cards be issued. And while there is no mention of any user account login credentials being leaked, if you're an Ashley Madison member, you should change your account password on AshleyMadison.com and on any other site on which you use the same password.
UPDATE: In a statement (opens in new tab)issued July 20, Ashley Madison said, "As our customers' privacy is of the utmost concern to us, we are now offering our full-delete option free to any member, in light of today's news."
- Adult Friend Finder Hack: What to Do Right Now
- 15 Mobile Privacy and Security Apps
- How to Protect Your Social Security Number