Hackers of cheaters' site Ashley Madison threaten to expose user profiles

Those who broke into the site are reportedly threatening to post stolen user information every day the "discreet" affair network remains online.

Luke Westaway Senior editor
Luke Westaway is a senior editor at CNET and writer/ presenter of Adventures in Tech, a thrilling gadget show produced in our London office. Luke's focus is on keeping you in the loop with a mix of video, features, expert opinion and analysis.
Luke Westaway
2 min read

Ashley Madison claims to be the world's leading site for discreet encounters. Screenshot by Luke Westaway/CNET

Extramarital dating site Ashley Madison has been hacked, with millions of users' information potentially at risk of exposure.

Ashley Madison, whose tagline is "Life is short. Have an affair," is a dating website for married people. Claiming to have over 37 million members, the service was launched in 2001 and is owned by Avid Life Media, a Toronto-based company that also owns CougarLife.com and EstablishedMen.com. The data breach comes less than two months after similar website Adult FriendFinder was hacked, exposing the details of millions of members.

"We were recently made aware of an attempt by an unauthorized party to gain access to our systems," Avid Life Media said in a statement published today.

"At this time, we have been able to secure our sites, and close the unauthorized access points," the company said. "We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber-terrorism will be held responsible."

Security blogger Brian Krebs, who revealed the hack, reported that the breach is the work of a hacking group dubbed The Impact Team, who are said to have taken issue with an Ashley Madison feature that lets customers only fully delete their data if they pay a fee. The hacking group reportedly alleges that Avid Life Media doesn't delete this information as promised, but keeps a record.

The hacking group is reportedly threatening to publish stolen customer records, including real names, addresses and credit card transactions -- as well as internal documents and emails -- unless Ashley Madison and EstablishedMen.com are taken offline.

In its statement, Avid Life Media apologises for the breach, writing, "The current business world has proven to be one in which no company's online assets are safe from cyber-vandalism."

Ashley Madison was one of several dating sites criticised in 2012 in an Electronic Frontier Foundation report, which took aim at the site's privacy and security practices.

What can customers of dating sites do to protect themselves online? "You could use a burner email address rather than your regular personal one or one that identifies your place of work," security expert Graham Cluley said.

"But if you have used your credit card on such a site there is always the risk that they have not properly protected your real name and address," he warned. "Maybe it would be safer if such sites offered broader anonymity, for instance offering users to pay them through digital currency."