Yesterday’s hacking of Ashley Madison, the OK Cupid of extramarital affairs, may have put the personal information and sexual preferences of the site’s 37m users across the US and Canada at risk of release.
According to The Impact Team, the group now claiming responsibility, the hack is a protest against parent company Avid Life Media’s (ALM) profile deletion policy. While members can ‘hide’ their Ashley Madison profiles for free, ALM charges users a $19 fee to completely erase their personal information.
In their manifesto The Impact Team writes: “Full delete netted ALM $1.7m in revenue for 2014. It’s also a complete lie. Users almost always pay with [a] credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
The Impact Team is demanding that Ashely Madison and its sister site, Established Men — which offers to connect ‘young, beautiful women with successful men’ — be taken offline permanently and in all forms. ALM’s failure to do so would result in the release of “all customer records, including profiles with all of the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses and employee documents and emails”, the group said.
Late Sunday evening ALM CEO Noel Biderman confirmed the hack to KrebsOnSecurity and implied that the breach was an inside job.
He said: “We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication. I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
Biderman continued: “Like us or not, this is still a criminal act.”