Extramarital fling seeking members of the dating site Ashley Madison who were hoping their adulterous ways would be kept secret are very nervous after the website was recently hacked.
Although the owners of the U.S and UK “members only” extramarital dating site have apologized for the hack and are offering users the opportunity to fully delete their accounts free of charge, the hackers have said this was not being done and because of this they will continue releasing information about members and their activities. Ashley Madison usually offers a “paid delete” ability, costing $19, but after the hack was discovered, offered this service free of charge.
The hackers calling themselves “The Impact Team” claimed through social media, that Ashley Madison had not fully deleted all information about users who had asked for this, and had never done so in the past even when members had paid for this “service”. They said if the site owners had been deleting information on paid request, they would not have hacked into the site in the first place.
Ashley Madison in a statement said The Impact Teams claims were false. “Contrary to current media reports, and based on accusations posted online by a cyber criminal, the ‘paid-delete’ option offered by AshleyMadison.com does in fact remove all information related to a member’s profile and communications activity,” read the statement. “ The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes. This option was developed due to specific member requests for just such a service, and designed based on their feedback.”
Cyber crime experts said they are not clear whether Ashley Madison has made the free of charge information removal offer to appease the hackers demands or simply as an PR exercise to lock the barn door after the horse had already bolted.
In its statement, Ashley Madison called the hack an “act of cyber-terrorism”, and said it had managed to remove all leaked member information on the internet . It said “using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online.”
The security engineering manager at Rapid7, a cybersecurity firm, Tod Beardsley, said what made the hack interesting was the fact that the majority of site members would not be willing to confess to suffering a breach.
He said “Dating sites also host millions of intensely private scraps of user data. Users of these services may routinely share risqué photos, checklists of sexual preferences, and patterns of romantic activity that they consider deeply personal. Because of this, any breach involving a dating site comes with a built-in ‘ickiness’ factor,”
“Dating site users are likely to feel more violated after a breach than those caught up in a retail or government website breach, and they are less likely to reach out for help and advice on how to manage their identity information after a breach. For Ashley Madison users in particular, this tendency to suffer silently is all but guaranteed.”
Noel Biderman. Ashley Madison’s CEO and founder, said he believed the hack was an inside job.
“I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services,” he said.