ashleymadison

If you’ve been cheating on your spouse via the website Ashley Madison, this might be a good day to do something really nice for the your husband/wife and divert their attention from the internet for a few days.

Ashley Madison, a controversial online social network that gears itself towards married people seeking to have affairs, has been hacked, and the company that owns it is being threatened with exposure of users’ personal information.

Hackers have threatened to reveal customers’ sexual fantasies and financial information if the website is not shut down, according to the Krebs on Security, an online cyber-security information site.

CBS News business analyst Jill Schlesinger said in an appearance on “CBS This Morning” that 37 million people use AshleyMadison.com. The site is owned by Avid Life Media, which has confirmed the hack.

Use of the site is largely free, but there are several features (such as chatting) that cost extra. For example, registered users may elect to pay an extra $19 fee to get their data scrubbed.

The company has collected millions offering the service, but the hackers are claiming that this scrubbing is not occurring. Schlesinger reports the hackers want the website shut down.

While the Ashley Madison hack is getting the most attention, the data breach is much more wide reaching:

Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is “Life is short. Have an affair.”

The data released by the hacker or hackers — which self-identify as The Impact Team — includes sensitive internal data stolen from Avid Life Media (ALM), the Toronto-based firm that owns AshleyMadison as well as related hookup sites Cougar Life and Established Men.

The motive, according to online security website KrebsOnSecurity seems to be a disgruntled employee who is upset with company practices rather than the business model per se:

In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.

According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.

“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

Their demands continue:

“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”

It’s unclear how much of the AshleyMadison user account data has been posted online. For now, it appears the hackers have published a relatively small percentage of AshleyMadison user account data and are planning to publish more for each day the company stays online.

“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

On the one hand, yeah, this is a felony. On the other you can’t help but be surprised that anyone is shocked that a company that has made enabling marital infidelity (typo fixed thanks to my alert readers)  its core business actually lied to its customers. If what the hackers allege is true, and the data release seems to confirm it, the Ashley Madison’s officers should face civil and criminal sanctions. There is no good reason to keep customer personal data after being paid to scrub it… other than maybe using it yourself for some reason.

So color me ambivalent on this. If this kind of hack ups the price of internet brokered hook-ups, I don’t have much of a complaint about it. If people who are cheating on their spouses have a difficult conversation or merely spend several days with their sphincter welded shut, it is a valuable life lesson about trusting someone who cheats… wow, that could really be uncomfortable.