Slashdot Mirror

← Back to Stories (view on slashdot.org)

Affair Site Hackers Threaten Release of All User Data Unless It Closes

Posted by Soulskill on from the cards-on-the-table dept.

heretic108 writes: According to KrebsOnSecurity, the infamous Ashley Madison affairs hookup website has been hacked by a group calling itself The Impact Team. This group is demanding the immediate and permanent shutdown of Ashley Madison, as well as similar sites Cougar Life and Established Man, owned by the same company: Avid Life Media. If the sites aren't shut down, the hackers are threatening to publicly release personal data for 37 million users. ALM has confirmed that a hack took place, and the hackers posted snippets of account data, as well as bank and salary information from the company itself.

49 of 446 comments (clear)

  1. nothing new under the sun by FatdogHaiku · · Score: 4, Interesting

    People likely to have an affair will do so with or without a website...

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    1. Re:nothing new under the sun by bluefoxlucid · · Score: 5, Funny

      Perhaps so; but We, the Righteous, will hack them all and show our moral superiority!

      --
      Support my political activism on Patreon.
    2. Re:nothing new under the sun by fuzzyfuzzyfungus · · Score: 5, Interesting

      I would actually be interested to know what the logic is here: the hacker clearly doesn't like AM, or they wouldn't be spoiling their rumored-IPO quite this enthusiastically, they also don't like the users they are threatening to expose; but they also appear to be really bent out of shape about AM's allegedly-dishonest-and-exploitative 'pay to purge the embarrassing traces' feature.

      Anger about that feature would seem to be something more likely in some portion of the users, or among people who identify with the interests of the users; but this interested party displays only contempt for them; rather than viewing AM's attempt to squeeze them as an amusing and justified punishment.

      We obviously have no particular reason to trust their statement; but we do have to expect that they have a reason worth the legal exposure for doing this(especially since the dataset they are talking about would probably be worth a decent sum for sale to others looking for really juicy spearphishing targets ) rather than not attempting the hack at all or hacking but then staying quiet about it. My guess would be that it is more about attacking the site operator than about the users specifically; it is pretty common for at least a person or two to end up suitably embittered during the course of business.

    3. Re:nothing new under the sun by Anonymous Coward · · Score: 5, Funny

      There ought to be some societal reward for all of us married folk who take our vows seriously, even if that reward comes in the form of a Nelson laugh at the cheaters' expense.

      HA ha /Nelson

    4. Re:nothing new under the sun by pastafazou · · Score: 5, Interesting

      It costs $15 and their data doesn't even get deleted...a scam that has netted $1.7M for ALM

    5. Re:nothing new under the sun by Anonymous Coward · · Score: 5, Interesting

      I'd hazard a guess that one of the hackers on the team was mad that his wife had an affair using the site, so he got his hacking buddies together to take revenge.

    6. Re:nothing new under the sun by Fire_Wraith · · Score: 5, Interesting

      I'd hazard a guess that this is a disgruntled insider, based in part on the fact that they claimed knowledge of internal practices (charging for profile deletion, but then retaining the information anyway). It's certainly possible someone could find that out through other means (having paid to have it deleted, then having it found anyway), but insider access explains a lot of things.

    7. Re:nothing new under the sun by TheCarp · · Score: 4, Insightful

      You'd like to think that, wouldn't you?! You've beaten my giant, which means you're exceptionally strong, so you could've put the poison in your own goblet, trusting on your strength to save you, so I can clearly not choose the wine in front of you! But, you've also bested my Spaniard, which means you must have studied, and in studying you must have learned that man is mortal, so you would have put the poison as far from yourself as possible, so I can clearly not choose the wine in front of me!

      I think you are missing some serious possibilities for your over-analyse :)

      What if the hackers in question simply do not take as nuanced of a view as you and are just throwing shit against the wall in order to justify their actions and stir up some publicity?

      Perhaps, they were paid by a rival site or, are even an ex-employee?

      > My guess would be that it is more about attacking the site operator than about the users specifically; it is pretty common for at least a person or two to end up suitably embittered during the course of business.

      Well there are only so many glasses the powder can be in right? Sounds about right, personal grudge or even rival corp. Hell, I almost got involved with a contract to do some cleanup a while back because someone had found out his developer in India was abusing the company servers to run his own side business and fired him..... to which he responded by logging in to their hosting service and turning off machines; I could see a more vindictive person doing something like this.

      People making twisted ethical arguments in order to justify what they want to do is not really anything new though so it is hard to rule out people who just wanted to pick a target to hack and are justifying a target that wont get a ton of sympathy. It can also be a little of A and a little of B.

      The only thing really clear is they don't seem to have done this for money, though, who knows if they have another angle. Maybe they are contacting individuals who look like they might be able to afford to keep their info out of the dump? I bet you there are more than a few who would pay up.

      But remember, we live in a world where people actually say things like "If I find he is sleeping with someone else I am going to beat her bloody"....like the third party is the one who did wrong. These are matters that evoke passions that, for many people, shine far brighter than ethics and reason.

      Its so much easier when they just demand a ransom or something. Who benefits from the site shutdown? Even a rival site would likely see reputational fallout from this. In fact, the only parties I can think of who really would benefit here are divorce lawyers and the traditional dating sites who may see a slight bump, but its hard to see how they would see this as worth it when there is so much competition for desperation already.

      --
      "I opened my eyes, and everything went dark again"
    8. Re:nothing new under the sun by TWX · · Score: 4, Insightful

      Last time I checked, the tax situation for being married without having any dependents weren't especially better than for being single. First couple tax seasons after getting married we calculated our taxes both ways, and there wasn't really much of a difference.

      --
      Do not look into laser with remaining eye.
    9. Re:nothing new under the sun by cdrudge · · Score: 4, Insightful

      I would actually be interested to know what the logic is here: the hacker clearly doesn't like AM, or they wouldn't be spoiling their rumored-IPO quite this enthusiastically, they also don't like the users they are threatening to expose; but they also appear to be really bent out of shape about AM's allegedly-dishonest-and-exploitative 'pay to purge the embarrassing traces' feature.

      I'd be really surprised if the actual hacker(s) really had any moral stance one way or another. My money would be be on just pure financial greed. They see AM and it's customers as a paycheck. They see AM as a source of money and are applying pressure directly on them to pay up and/or shut down. They also pressure subscribers to pressure AM from the other side to pay up to not reveal their information.

      In the end I think it will be a loss for the hackers and customers. The hackers aren't going to get their money. AM takes a PR hit but doesn't really care because they already run a website for people with questionable ethics/morality. Customers info might get released, but for the 3 people that are actually real, married, and their partner doesn't already know, the shit might hit the fan. For everyone else, no one cares. And if you're a paying subscriber to a cheating website with your own real information, you're already a fucking idiot and get what you deserve for being a dumbass.

    10. Re:nothing new under the sun by TWX · · Score: 4, Insightful

      People are disgusting anyway. This is simply another in a long line of ways for people to hide communications that include alternate Internet e-mail addresses, alternate accounts through AOL, Compuserve, and Prodigy, PO Boxes, and if one goes back REALLY far, private couriers.

      Ironic thing is, unless one's spouse or significant-other has really, REALLY let themselves go, the grass really isn't greener on the other side. The other person might appeal because they're new, but it's usually because they're new and the shiny luster hasn't been worn off through familiarity, and once that familiarity is well and truly established the new person isn't any better than the previous one, and could actually be worse.

      --
      Do not look into laser with remaining eye.
    11. Re:nothing new under the sun by Qzukk · · Score: 4, Insightful

      You also get tax breaks for the marriage thing

      Standard deduction, single: $6300
      Standard deduction, married filing jointly: $12600

      The only tax break you get is if your wife is a stay-at-home mom where you can double your tax deduction. Of course, then she runs the risk of losing all her credits etc from having no income.

      if you have kids, you get those breaks too

      You get those breaks as a single parent too.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    12. Re:nothing new under the sun by NotDrWho · · Score: 4, Insightful

      Or they have some sort of financial interest in harming the site. It's like my grandpa used to say "Never ascribe to malice that which is adequately explained by fucking greed."

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
    13. Re:nothing new under the sun by NotDrWho · · Score: 4, Funny

      you marrieds get to keep your money

      They get those cool minivans too.

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
    14. Re:nothing new under the sun by Charliemopps · · Score: 5, Insightful

      It's simple. Living with someone exposes their flaws. It's hard to see the flaws in people you don't live with. Less flaws = more attractive.

      But the fact of the matter is, you should live up to your obligations. Sometimes you make bad choices in life... sometimes they are so bad that it affects the rest of your life... you end up missing an arm, or in prison, or married to a drunk. You've got to live with your choices, and do your best improve the situation. But lies, and dishonesty are not the way. Don't like your wife? Go to counseling, work it out with her... if all else fails, be honest with her and get a divorce, then start dating.

      What exactly is the person that's visiting a site like this doing? It's pure, 100% evil. There is nothing good that comes of cheating. You're exposing your wife and children to all sorts of danger and instability. STDs, scorned women... God only knows. You're further harming your marriage with distrust and dishonesty. Infidelity is the ultimate selfish act, and it's at the expense of the people that are the closest to you. There are few other acts that even remotely compare in their depravity, and self interest.

      It's not the cheating... it's the lying... and why you're lying. You're causing your spouse ultimate pain, for basically nothing. And you could avoid all of that with a few months of heart ache and once court appearance.

    15. Re:nothing new under the sun by Squiddie · · Score: 4, Insightful

      It is called NOT losing half your shit you own for getting caught playing in someone else's panties.

      Worse, you still might lose your shit because your wife let someone else play in her panties, and then continue paying for them to fuck in your house. Seriously, marriage is a terrible deal. One of my older friends had to pay his wife half of his retirement from the Army because they were married for ten years. It's not like she was deployed or actually did anything.

    16. Re:nothing new under the sun by Registered+Coward+v2 · · Score: 4, Interesting

      It costs $15 and their data doesn't even get deleted...a scam that has netted $1.7M for ALM

      In that case, AM might be liable for damages if someone paid to have the information deleted and it turns out it wasn't and then later gets stolen and released causing damage to the account holder. IANAL, but it would seem they would have at least an expectation the data was deleted, paid a consideration for AM to take a certain action (deleting information) in exchange, failed to do so as promised and as a result some suffered damages. While there is probably some T&C fine print that attempts to absolve them of all responsibility I would argue they were negligent in not deleting the data and safeguarding their systems and thus still liable. Given they are looking at IPO money they would have deep pockets for a class action suit.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    17. Re:nothing new under the sun by Penguinisto · · Score: 4, Insightful

      I don't see any requests for money, so who is going to pay the hackers?

      Individual customers certainly won't.

      Dunno - one good spearphishing campaign based on the personal info gathered from the hack would probably garner quite a bit of money... and none of us would ever hear about it. The public announcements would only add to the credibility of the blackmail threats.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    18. Re:nothing new under the sun by aynoknman · · Score: 4, Interesting

      People likely to have an affair will do so with or without a website...

      Your comment ignores the nature of temptation. These websites have a corrupting influence on those who are not likely to have an affair. They catch the idly curious and change "I wonder what it would be like?" to "That person is available to me." and tempt those who would not be inclined and push them to take action.

      --
      We need a "+1 -- nice sig" moderation.
    19. Re:nothing new under the sun by Krishnoid · · Score: 4, Funny

      I wonder if someone got laid off or feels screwed out of IPO shares?

      I'll bet someone felt in their heart that the company promised one thing in good faith, then cheated on them.

    20. Re:nothing new under the sun by jandrese · · Score: 4, Interesting

      Another article I read on this had quotes from the AM CEO saying that he knew who did it and was looking at the guy's profile during the interview. We will see what comes of this.

      --

      I read the internet for the articles.
    21. Re:nothing new under the sun by liquidsin · · Score: 4, Insightful

      and chocolate bars in the checkout lanes at grocery stores tempt people who otherwise managed to avoid the snack aisle. blaming temptation for your failings is a cowardly excuse. own your decisions.

      --
      do not read this line twice.
    22. Re:nothing new under the sun by X0563511 · · Score: 5, Informative

      Heard on NPR this morning that they think it's an inside job, and has all the hallmarks of it being so.

      Apparently someone got tired of the all unethical behavior. Something about an account being free to create, but $20 to delete (and then not really being removed, or something like that)

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  2. Good thing I used CmdrTaco's info by bigjocker · · Score: 5, Funny

    when I signed for ashleymadison.com

    --
    Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
    1. Re:Good thing I used CmdrTaco's info by vivaoporto · · Score: 4, Informative
      From The Guardian article (as the krebsonsecurity seems to be slashdotted):

      The site, which encourages married users to cheat on their spouses and advertises 37 million members, had its data hacked by a group calling itself the Impact Team. At least two other dating sites, Cougar Life and Established Men, also owned by the same parent group, Avid Life Media, have had their data compromised.

      "Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online," the group's statement reads.

      The hackers' main point of contention is with the fact that Ashley Madison charges users a fee of 15 pounds to carry out a "full delete" of their information if they decide to leave the site. Although users have the option of permanently hiding their profile free of charge, the company's advertisements claim that the full delete service is the only way to completely remove their information from the servers.

      But the hackers say that that claim is âoea complete lieâ.

      "Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed," they allege.

    2. Re:Good thing I used CmdrTaco's info by tibit · · Score: 4, Informative

      Given that it's rather easy to use a credit card with an assumed name, and also a fake billing address submitted while paying, I really don't see why the people who wanted to stay discreet/anonymous didn't do so.

      In case anyone wanted to know how to do it, at least in the U.S. it's rather trivial:

      1. Add an authorized user on your credit card account. The name can be fake. You'll get a card for that user.

      2. Add a throwaway billing burner phone number on your account. Can be a $5 Tracfone from Walmart. This is optional only if the billing processor demands a phone number.

      3. When registering/paying for AM, use the fake authorized user's card, and enter your address with a wrong name of the street. The ZIP and house number must match, the street name doesn't have to. The phone number should be the burner phone.

      If the hackers get your data, all they have dirt on is a fictional character. This is 21st century, I thought every guy who knows how to use a bank account and a computer would know this shit?

      --
      A successful API design takes a mixture of software design and pedagogy.
  3. Go ahead by 1_brown_mouse · · Score: 5, Interesting

    I get the feeling most of the profiles are fake anyway to pull in gullible males. Never give in to blackmail.

    1. Re:Go ahead by DoofusOfDeath · · Score: 5, Insightful

      I get the feeling most of the profiles are fake anyway to pull in gullible males.

      Never give in to blackmail.

      Even better yet: Make every effort to be loyal to your spouse. If you fail, repent, hope for forgiveness, and try harder next time. Flee from all forms of temptation to do evil.

      Easier said than done, to be sure.

    2. Re:Go ahead by Anonymous Coward · · Score: 5, Funny

      As a married man, the last thing I'd want in my life would be another woman. I can barely handle the one I have!

      I tell my wife, if she's going to have an affair, at least make sure they guy is rich.

    3. Re:Go ahead by PopeRatzo · · Score: 5, Funny

      I tell my wife, if she's going to have an affair, at least make sure they guy is rich.

      I'm much more reasonable. I tell my wife that if she's going to have an affair, at least make sure the guy plays Sonic & All-Stars Racing so I have someone to play split-screen with.

      --
      You are welcome on my lawn.
    4. Re:Go ahead by Penguinisto · · Score: 5, Insightful

      This, right here.

      It's not that hard to keep yourself in check, gents. You either love your S/O or you do not. If you do, you will do your level best to remain faithful. ...besides, most of you schmucks are geeks - if you found someone that actually puts up with our little quirks and habits and loves our kind in spite of ourselves, why would you screw that up?

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    5. Re:Go ahead by TWX · · Score: 4, Funny

      I'm much more reasonable. I tell my wife that if she's going to have an affair ... so I have someone to play split-screen with.

      Is that some kind of euphemism?

      --
      Do not look into laser with remaining eye.
    6. Re:Go ahead by cdrudge · · Score: 4, Insightful

      Once in a relationship, learn to not let your eyes wander.

      Or perhaps learn to be in a relationship that is built on trust and not on preventing eyes from wandering. I've been married for 15 years and my wife has no problems with me letting my eyes wander because she knows at the end of the day, I still always wander home to her in our bed, and no one else's.

    7. Re:Go ahead by Anonymous Coward · · Score: 5, Informative

      As a married man, the last thing I'd want in my life would be another woman. I can barely handle the one I have!

      That's why -as the joke goes- an engineer should have a wife and a mistress. Both of them will assume you're spending time with the other, and during that time you can go to the lab and get soms work done.

  4. First thing I thought of by XxtraLarGe · · Score: 5, Insightful

    The first thing that came to mind when I heard of this site is "This is a prime target for a hacking/blackmail scheme." The only surprise here is that it didn't happen sooner.

    --
    Taking guns away from the 99% gives the 1% 100% of the power.
    1. Re:First thing I thought of by xxxJonBoyxxx · · Score: 4, Interesting

      >> this is a prime target for a hacking/blackmail scheme

      My first thought was that the entire point of the site was to BE a blackmail scheme.

    2. Re:First thing I thought of by dj245 · · Score: 5, Interesting

      The first thing that came to mind when I heard of this site is "This is a prime target for a hacking/blackmail scheme." The only surprise here is that it didn't happen sooner.

      As someone who has data in there (out of curiosity), it couldn't have happened to better people. The people that run AshleyMadison are worse than the lowest spammers. Not because they sanction marital cheating, but because they are exceedingly scammy in every aspect of the way they operate their business. They make Paypal and Stamps.com look like saints.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    3. Re:First thing I thought of by DarkOx · · Score: 4, Funny

      1) Set up a site for cheaters
      2) Charge a subscription fee
      3) Profit!
      4) Accidentally leave some live shells open and ipkvm with a super weak password or easy vuln on a high port
      5) Let 4 slip to cousin Jimmy at the family reunion if he will split the take
      6) Confirm to the press the hack to place so black mail victims will take Jimmy seriously.
      7) Profit! some more

      See there is isn't even a ?? step and two Profit! steps!

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    4. Re:First thing I thought of by Gravis+Zero · · Score: 4, Funny

      this is a prime target for a hacking/blackmail scheme

      My first thought was that the entire point of the site was to BE a blackmail scheme.

      it was a blackmail scheme but now those rotten hackers have ruined it for me!

      --
      Anons need not reply. Questions end with a question mark.
  5. Does this qualify... by Enter+the+Shoggoth · · Score: 4, Interesting

    ...as revenge porn?

    --
    Andy Warhol got it right / Everybody gets the limelight
    Andy Warhol got it wrong / Fifteen minutes is too long.
  6. Great News! by Anonymous Coward · · Score: 5, Funny

    Now I'll get my listing circulated without paying a renewal fee!

  7. Here's Google's cache by waspleg · · Score: 4, Informative

    Even it seems to be getting the shit pounded out of it.

    cache

    archive.org's just goes back to the original, the original never worked for me and the rest are taking a long long time to load.

  8. Vigilantes of Morality by neghvar1 · · Score: 4, Interesting

    One immoral act to shutdown another immoral act

    1. Re:Vigilantes of Morality by Charliemopps · · Score: 5, Insightful

      I know! I hate everything the website in question stands for and I find the idea of breaking the law to shut them down reprehensible. How to choose sides?

      You apparently never played D&D. "Alignment" in D&D is actually a fairly ingenious way of looking at belief systems: https://en.wikipedia.org/wiki/...

      This site was Lawful Evil.
      The hackers were Chaotic Good. (well I guess we don't really know do we?)
      You're apparently Lawful Good, so you're conflicted. The site breaks the "Good" part of your personality, but the hackers break the "Lawful" part.
      I'm probably Chaotic good... So this seems legit to me.

  9. Credit protection by otaku244 · · Score: 4, Funny

    Let's see them try to roll out credit protection here. It better come with a box of chocolates, some roses, and a spa-treatment (or a 6-pack and tickets to your spouses favorite event) because that credit score WILL go in the toilet.

    --
    Mod me down, I shall become more off-topic than you could possibly imagine.
  10. sounds like a winning plan by nimbius · · Score: 5, Funny

    "shut down your predatory sites or we will forcibly liberate 37 million victims of either abusive, dead end, loveless, or empty relationships and leave them to reconcile the adult responsibilities of integrity, trust, and honesty while potentially fostering an atmosphere of open discourse on the nature of marriage, divorce, alimony, custody, and child support."

    --
    Good people go to bed earlier.
  11. Welcome to the new "criminal justice" by RogueWarrior65 · · Score: 5, Interesting

    Full disclosure: I'm not defending this company for what it does.
    For those of you who were tired of the old criminal justice system, be careful what you wish for. To these hackers and many other people, the fact that this company is not illegal in the eyes of the old criminal justice system is irrelevant. To these hackers, it is amoral. These hackers have decided unilaterally what morality is, who is guilty, and how punishment will be executed. Publicly destroying people and businesses that somehow offend somebody else is now the new normal. The old system of justice won't protect you anymore because even if the old system catches these hackers, the damage will be done and can't be undone.

  12. Will this be a wake up call about Facebook etc.? by ciaran2014 · · Score: 4, Insightful

    I'm not happy this is happening, but I do hope that when things like this happen it makes people think critically about putting their private lives and their means of communication on other peoples servers (i.e. "the cloud").

    It's folly to think that 37 million Facebook accounts, with all their private messages and chats, won't be the next.

    --
    Help build the anti-software-patent wiki
  13. Divorce Lawyers rejoice by Virtucon · · Score: 4, Insightful

    They just had 74 million prospective clients show up on their doorstep.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"