A couple of weeks ago we reporte that AshleyMadison.com, an entity of Avid Life Media (ALM) was breached by a group calling itself The Impact Team. While most data breaches are done for monetary gain, The Impact Team demanded ALM to shut down two sites, Ashley Madison and Established Men, permanently for moral reasons. This was in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee. According to the hackers, although the "full delete" feature that Ashley Madison advertises promises "removal of site usage history and personally identifiable information from the site," users' purchase details - including real name and address - aren't completely gone.
"Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails," the hackers wrote in a statement following the breach.
The Impact Team attempted to show ALM they meant business by posting sample files containing some of the stolen data, which included company financial information including employee salaries and documents mapping the company's internal network.
32,000,000 User's Data Released
Apparently ALM didn't comply with the demands of The Impact Team which led them to release all of the stolen information. A data dump, 9.7 gigabytes in size, was posted on Tuesday, August 18th, to the dark web using an Onion address accessible only through the Tor browser. The files appear to include names, addresses, phone numbers and credit card data of some 32 million users of the social networking site, whose slogan is "Life is short. Have an affair." Links to the files were preceded by a text file message titled "Time's Up".
The highlights of the text include:
"Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit and stupidity of ALM and their members. Now everyone gets to see their data... Keep in mind the site is a scam with thousands of fake female profiles..."
"Find yourself here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it."
ALM Response
"We are actively monitoring and investigating this situation to determine the validity of any information posted online and will continue to devote significant resources to this effort," ALM said in a statement after Tuesday's leak. "Furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business."
Now customers of ALM face the greatest fallout from the breach: public embarrassment, the wrath of angry partners who may have been victims of their cheating, possible blackmail and potential fraud from anyone who may now use the personal data and bank card information exposed in the data dump.
While we usually like to give you tips on how to protect yourselves, it's a case of too little, too late for individuals who wished to remain anonymous on these sites. However, we would recommend changing all your usernames and passwords, as hackers could use these to try to get a hold of things such as your bank account or credit card information.