Cheaters beware: Ashley Madison hackers leak data online

Hackers that stole data from Ashley Madison, a site for people wanting an affair, fulfille their threats and released the data online.

The stolen information includes full names of people registered on the site, as well as their addresses. The data also included credit card transactions, employee documents, email and customers' sexual fantasies.

A total of 37 million users of the Ashley Madison site have been compromised last month, by a group going by the name The Impact Team.

The Impact Team threatened to release the stolen data online unless Avid Life Media (ALM), the company which owns the site, takes Ashley Madison down.

The hackers also demanded that another site be taken down, called Established Men. That one promises to connect beautiful young women wich rich men, to "fulfill their lifestyle needs“.

“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” the hackers wrote in a statement following the breach.

While the hackers took issue with the questionable morals of the sites, their main point of contention was the fact that Ashley Madison charges users a £15 fee ($19 in the US) to carry out a full delete of their information should they decide to leave it.

Now, according to Wired.com, a data dump of almost 10GB (9.7, to be exact) was posted to the dark web using an Onion addressaccessible only through the Tor browser.

Industry reaction

Dr Chenxi Wang, VP of Cloud Security & Strategy at CipherCloud:

“Ashley Madison should have halted operations rather than betray the confidentiality of millions of customers. The hackers rightly pointed out that parent company ALM failed to protect customers, the bottom line for doing business.

9.7 gigabytes is a lot of customer names, credit cards and intimate details about individuals. The real victim is not Ashley Madison, it is the customers and their families, who are forced to suffer humiliation and pain. They could have been spared if Ashley Madison had done the tough but right thing. But maybe we should not be surprised – trust is not the strong suit for a company that makes its money by encouraging people to lie and cheat.”

Keith Poyser, GM EMEA at Accellion:

"Companies cannot afford the reputational loss that breaches cause – prevention makes far better sense, which means investment in security at all layers. Most importantly, cyber security must become part of any business culture and it must touch every segment of the work that a business does.

"Many businesses have solid network layer defences, asset layer management and protection, and personnel education on security. Yet, many more still use non-secured, public cloud services or leave their content with inadequate protection. Content is the new battleground. Cyber crime will only become more sophisticated and while web users will never feel completely safe, the onus is on the gatekeepers of their data to do everything in their power to keep it under lock and key."

Darren Anstee, Chief Security Technologist at Arbor Networks:

“This hack on Ashley Madison is the latest in a long line of cyber-attacks we have seen over the last six months. The fact that hackers were able to access not only users’ records but the financial records of Avid Life Media, extracting a significant amount of data, is testament to the fact that companies need to be doing more as threats evolve. Although the (in)fidelity of the data has yet to be confirmed, organisations do need to invest more in their abilities to proactively identify threats that are already inside their networks, identifying unusual activities and trends in traffic.

“In today’s threat landscape it’s essential for any target that has data that maybe valuable to an attacker to have the ability to detect, validate and contain threats quickly – attackers will make it past perimeter defences, and we should expect this, what we need to do is stop them before they achieve their goals.

"This isn’t all about technology – although having the right tools helps – people and process are key.”