lolloj - Fotolia

Hackers threaten to expose ALM’s dating and cheating site users

A hacking group, calling itself The Impact Team, claims to have compromised Avid Life Media’s user databases, source code repositories, financial records and email system

A hacking group is threatening to publish millions of user records if Toronto-based Avid Life Media (ALM) does not take down its cheating site Ashley Madison and dating site Established Men.

The group, calling itself The Impact Team, claims to have compromised ALM’s user databases, source code repositories, financial records and email system.

The hackers have published some user data, maps of ALM’s company servers, employee network account information, ALM bank account information and salary information.

ALM chief executive Noel Biderman confirmed the hack to security blogger Brian Krebs, calling the intrusion a “criminal act”.

The firm reportedly responded quickly to the intrusion, taking down most links to the compromised data within half an hour.

“We have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system,” ALM said in a statement.

"At this time, we have been able to secure our sites, and close the unauthorised access points. We are working with law enforcement agencies,” the statement said.

Alongside the stolen data, The Impact Team published a manifesto demanding that ALM shut down its Ashley Madison and Established Men sites immediately, Krebs reported in a blog post.

The sites have a combined membership of more than 38 million, mostly from the US and Canada.

If ALM fails to comply, the hackers said they will release all customer records, profiles with all customers' secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails.

Read more about hacking

“Avid Life Media will be liable for fraud and extreme harm to millions of users,” the manifesto said, but made no mention of ALM’s other site Cougar Life, saying only that “other sites” could remain online.  

The Impact Team also accused ALM of lying about its service that allows members to erase their profile information for a $19 fee.

The hackers said that while the service promises to remove site use history and personally identifiable information from the site, users’ payment details are not in fact removed.

“Full Delete netted ALM $1.7m in revenue in 2014. It’s also a complete lie,” the hacking group wrote.

The hackers have threatened to publish user profiles every day the two controversial ALM sites remain online.

ALM’s CEO Noel Biderman declined to give details of the company’s investigation, but according to Brian Krebs, he suggested that the hack may be linked to someone who previously had legitimate access to the company’s networks.

Biderman also claimed to be on the brink of identifying the culprit, saying it was definitely not an employee, but someone who “had touched” ALM’s technical services.

Read more on Privacy and data protection

Data Center
Data Management