Hackers stole the private profiles and identifying information about subscribers from a website that is geared toward people looking to cheat on their spouses.
The company behind the website AshleyMadison.com, which boasts more than 37 million subscribers, on Monday confirmed it had been breached and was working with law enforcement. By Monday afternoon, it said it had closed unauthorized access points and “successfully removed” identifying information about users that was already published online.
The site was started in 2002 and promises to “respect your privacy, security and anonymity.” Earlier this year, The Washington Post reported that Washington, D.C., had the highest rate of membership for the site of any city.
{mosads}Hackers threatened to continue leaking profile information from Ashley Madison subscribers as well as subscribers to another site, Established Men, owned by the same company, unless the sites are taken offline permanently, according to Brian Krebs, a leading cybersecurity blogger who first broke the news.
According to Krebs’s story, the hacking group, which calls itself The Impact Team, said if its demands were not met it would release “all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”
The hackers took particular issue with a “paid delete” feature of the websites, which, for a fee, promises to scrub all personal identifiable information of a subscriber, including profiles and previous communications through the site.
But the hackers said the credit card purchase details of former subscribers are not deleted, leaving that information vulnerable in the case of a data breach.
The company behind the site said the hack prompted the website to offer the delete option for free on Monday.
“As our customers’ privacy is of the utmost concern to us, we are now offering our full-delete option free to any member, in light of today’s news,” according to Avid Life Media, which owns the site.