In an attempt to minimise the impact of the security breach it suffered, hacked infidelity site AshleyMadison.com is now offering its users the ability to fully delete their account free of charge.
The feature was the trigger for the hack in the first place.
AshleyMadison.com is a website for married people looking for an affair. It offered its users the ability to completely delete their profile from the site for a fee of £15 in the UK, and $19 in the US.
However, the site was recently breached by a group of hackers calling themselves The Impact Team. The group stole the data of some 37 million users, and threatens to release the information into the public unless AshleyMadison.com is taken offline. They said the site lied about the feature and doesn’t completely wipe the profile data.
In a statement, Ashley Madison said that that claim was false. “Contrary to current media reports, and based on accusations posted online by a cybercriminal, the “paid-delete” option offered by AshleyMadison.com does in fact remove all information related to a member’s profile and communications activity.
“The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes. This option was developed due to specific member requests for just such a service, and designed based on their feedback.”
I’m not entirely sure how useful this feature is, now that the data has already been taken. I’d rather focus on keeping the stolen data from the internet, and AshleyMadison is apparently doing a good job about it.
The company, which described the hack as an “act of cyber-terrorism”, has been attempting to keep the preliminary data dump from the hackers off the web, and claims success in the matter, The Guardian wrote today.
“Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online.” As a result, the six initial locations the attackers posted the information in are now clear. But with the data now in the wild, and the attackers promising to release more, firefighting is likely to be a doomed effort in the long run.