Affair Site Hackers Threaten Release of All User Data Unless It Closes

heretic108 writes: According to KrebsOnSecurity, the infamous Ashley Madison affairs hookup website has been hacked by a group calling itself The Impact Team. This group is demanding the immediate and permanent shutdown of Ashley Madison, as well as similar sites Cougar Life and Established Man, owned by the same company: Avid Life Media. If the sites aren't shut down, the hackers are threatening to publicly release personal data for 37 million users. ALM has confirmed that a hack took place, and the hackers posted snippets of account data, as well as bank and salary information from the company itself.

Here's Google's cache

[waspleg]

Even it seems to be getting the shit pounded out of it.

cache

archive.org's just goes back to the original, the original never worked for me and the rest are taking a long long time to load.

Re:Good thing I used CmdrTaco's info

[vivaoporto]

From The Guardian article (as the krebsonsecurity seems to be slashdotted):

The site, which encourages married users to cheat on their spouses and advertises 37 million members, had its data hacked by a group calling itself the Impact Team. At least two other dating sites, Cougar Life and Established Men, also owned by the same parent group, Avid Life Media, have had their data compromised.

"Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online," the group's statement reads.

The hackers' main point of contention is with the fact that Ashley Madison charges users a fee of 15 pounds to carry out a "full delete" of their information if they decide to leave the site. Although users have the option of permanently hiding their profile free of charge, the company's advertisements claim that the full delete service is the only way to completely remove their information from the servers.

But the hackers say that that claim is âoea complete lieâ.

"Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed," they allege.

Re:Good thing I used CmdrTaco's info

[tibit]

Given that it's rather easy to use a credit card with an assumed name, and also a fake billing address submitted while paying, I really don't see why the people who wanted to stay discreet/anonymous didn't do so.

In case anyone wanted to know how to do it, at least in the U.S. it's rather trivial:

1. Add an authorized user on your credit card account. The name can be fake. You'll get a card for that user.

2. Add a throwaway billing burner phone number on your account. Can be a $5 Tracfone from Walmart. This is optional only if the billing processor demands a phone number.

3. When registering/paying for AM, use the fake authorized user's card, and enter your address with a wrong name of the street. The ZIP and house number must match, the street name doesn't have to. The phone number should be the burner phone.

If the hackers get your data, all they have dirt on is a fictional character. This is 21st century, I thought every guy who knows how to use a bank account and a computer would know this shit?

Re:Go ahead

As a married man, the last thing I'd want in my life would be another woman. I can barely handle the one I have!

That's why -as the joke goes- an engineer should have a wife and a mistress. Both of them will assume you're spending time with the other, and during that time you can go to the lab and get soms work done.

Re:nothing new under the sun

[X0563511]

Heard on NPR this morning that they think it's an inside job, and has all the hallmarks of it being so.

Apparently someone got tired of the all unethical behavior. Something about an account being free to create, but $20 to delete (and then not really being removed, or something like that)