Slashdot Mirror
Affair Site Hackers Threaten Release of All User Data Unless It Closes
heretic108 writes: According to KrebsOnSecurity, the infamous Ashley Madison affairs hookup website has been hacked by a group calling itself The Impact Team. This group is demanding the immediate and permanent shutdown of Ashley Madison, as well as similar sites Cougar Life and Established Man, owned by the same company: Avid Life Media. If the sites aren't shut down, the hackers are threatening to publicly release personal data for 37 million users. ALM has confirmed that a hack took place, and the hackers posted snippets of account data, as well as bank and salary information from the company itself.
I get the feeling most of the profiles are fake anyway to pull in gullible males. Never give in to blackmail.
The first thing that came to mind when I heard of this site is "This is a prime target for a hacking/blackmail scheme." The only surprise here is that it didn't happen sooner.
As someone who has data in there (out of curiosity), it couldn't have happened to better people. The people that run AshleyMadison are worse than the lowest spammers. Not because they sanction marital cheating, but because they are exceedingly scammy in every aspect of the way they operate their business. They make Paypal and Stamps.com look like saints.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
Full disclosure: I'm not defending this company for what it does.
For those of you who were tired of the old criminal justice system, be careful what you wish for. To these hackers and many other people, the fact that this company is not illegal in the eyes of the old criminal justice system is irrelevant. To these hackers, it is amoral. These hackers have decided unilaterally what morality is, who is guilty, and how punishment will be executed. Publicly destroying people and businesses that somehow offend somebody else is now the new normal. The old system of justice won't protect you anymore because even if the old system catches these hackers, the damage will be done and can't be undone.
I would actually be interested to know what the logic is here: the hacker clearly doesn't like AM, or they wouldn't be spoiling their rumored-IPO quite this enthusiastically, they also don't like the users they are threatening to expose; but they also appear to be really bent out of shape about AM's allegedly-dishonest-and-exploitative 'pay to purge the embarrassing traces' feature.
Anger about that feature would seem to be something more likely in some portion of the users, or among people who identify with the interests of the users; but this interested party displays only contempt for them; rather than viewing AM's attempt to squeeze them as an amusing and justified punishment.
We obviously have no particular reason to trust their statement; but we do have to expect that they have a reason worth the legal exposure for doing this(especially since the dataset they are talking about would probably be worth a decent sum for sale to others looking for really juicy spearphishing targets ) rather than not attempting the hack at all or hacking but then staying quiet about it. My guess would be that it is more about attacking the site operator than about the users specifically; it is pretty common for at least a person or two to end up suitably embittered during the course of business.
It costs $15 and their data doesn't even get deleted...a scam that has netted $1.7M for ALM
I'd hazard a guess that one of the hackers on the team was mad that his wife had an affair using the site, so he got his hacking buddies together to take revenge.
I'd hazard a guess that this is a disgruntled insider, based in part on the fact that they claimed knowledge of internal practices (charging for profile deletion, but then retaining the information anyway). It's certainly possible someone could find that out through other means (having paid to have it deleted, then having it found anyway), but insider access explains a lot of things.