A hacker, or hackers, known as The Impact Team has broken into the computer systems at Avid Life Media, and is effectively holding the company to ransom. It’s threatening to release personal and private data stored on 36 million people unless two of ALM’s sites are taken down. What sites? The dating site for cheaters AshleyMadison.com, and EstablishedMen.com, where rich older men connect with younger women.
Reported by KrebsonSecurity.com, ALM has confirmed the hack took place, and around 40MB of data from the breach has already been published online by The Impact Team to prove key information in its possession.
The Impact Team is threatening to release all the data — according to its demands, this includes client records, credit card transaction data, real names and addresses, profiles with nude pictures, and company information such as documents and emails — unless AshleyMadison.com and EstablishedMen.com are taken “offline permanently in all forms.”
While it could be assumed the hacker has a problem with the two sites and the services they provide, it seems the main issue is with a feature of the AshleyMadison.com site called Full Delete, which is supposed to completely remove a profile and personal details from the company’s site and servers — for a fee of $19. The Impact Team’s message called Full Delete a “complete lie,” and said transaction data wasn’t deleted, and this includes names and addresses.
The demands include hints the hacker may be very familiar with the company, and the ransom note singles out ALM’s director of security for an apology, and quotes its chief technology officer. According to KrebsonSecurity’s report, ALM said it’s close to identifying the hacker — it indicates it’s a single person, rather than a collective — and says the person may have been a one-time employee or contractor. In a statement released afterwards, ALM stated it has secured its sites, and is working with law enforcement to find the culprit.
There’s no timeframe attached to the demands, which means the data could be released at anytime.
- With 20,000 sites swallowed up, a botnet is eating WordPress alive
- Data stolen from HealthCare.gov includes partial SSNs and immigration status
- Scammers’ latest phishing attacks are using that little green padlock to fool you
- Google to shut down Google+ after exposure of 500,000 users’ data
- Tumblr promises it fixed a bug that left user data exposed