Call it hacktivism with a spin: a controversial website for people seeking others who want to have an affair was hacked and personal details of its members leaked online.
The CEO of Ashley Madison, a controversial website that facilitates adulterous affairs and hookups, confirmed to Krebs On Security that it was hacked and possibly by or with the help of an insider who is not an employee.
The attacker or attackers claiming responsibility call themselves The Impact Team, and said in an online statement that it grabbed data on all of the 37 million users of Ashley Madison and its sister sites Couger Life and Established Men. All three sites are owned by Avid Life Media (ALM).
The Impact Team reportedly dumped some 49 megabytes of information, including credit card information and internal ALM documents, with the promise of dumping all of the database if Ashley Madison's site isn't taken down.
The hackers said in their post with the stolen ALM information that the company's service offer for a "full delete" of user history and payment information is a farce, and that information is not "actually scrubbed," leaving real identities and addresses on the database, Krebs On Security reported.
"So here’s the the lesson for anyone creating accounts on websites: always assume the presence of your account is discoverable. It doesn’t take a data breach, sites will frequently tell you either directly or implicitly. Moral judgement about the nature of these sites aside, members are entitled to their privacy. If you want a presence on sites that you don’t want anyone else knowing about, use an email alias not traceable back to yourself or an entirely different account altogether," says security expert and Microsoft MVP for developer security Troy Hunt in his personal security blog.
Read more about the Ashley Madison breach here.