Insider blamed for Ashley Madison data theft

A group of hackers calling themselves the “Impact Team” has broken into the extra-marital dating site AshelyMadison.com, and related properties run by Avid Life Media, and posted a manifesto  and data samples.  The group  threatens to expose the data in their possession, which includes “sexual fantasies, nude pictures, credit card numbers, and real names and addresses”, according to the security site KrebsonSecurity.

“Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

The hacker group, which lambasted the company for running a human trafficking business, claimed to have taken over all ALM’s systems, and demanded the company shut down the sites Ashely Madison and Established Men, as second ALM site whose pitch is to connect “attractive girls with successful and generous benefactors”.  “We will release all customer records”, the manifesto states if these two sites are not taken down.  Curiously, the team allows “[t]he other websites may stay online”.  

The hacker team also complained ALM charged members $19 to delete all traces of membership activity, but then failed to remove the records from their systems.  ArsTechnica wrote about the practice about a year ago.

ALM CEO Noel Bilderman blames an insider, in the Krebs report.“I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”

In a statement released by ALM about the attack: “At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber–terrorism will be held responsible.”

The attack comes two months after similar site AdultFriendFinder.com suffered a data breach.

Be social, please share!

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail