Cheating website AshleyMadison.com has been hacked, with those claiming responsibility threatening to publish "secret sexual fantasies" and account details of millions of people unless the site is permanently closed.
The leak, first reported by Brian Krebs andsince confirmed by AshleyMadison parent company Avid Life Media (ALM), could affect more than 37 million people who use the extramarital affairs website.
The Impact Team, the hacking group behind the attack, published account data, maps of internal company servers, employee account information and company financial details.
Publication of all user account details could expose millions of people who are attempting to cheat on their partners. Hackers said they decided to publish the information after ALM made $1.7m (£1m) from offering users the ability to delete their entire account for £12, without -- according to the hackers -- actually removing any data.
Toronto-based ALM claimed users could pay $19 (£12) to permanently remove all their details from the site, but according to The Impact Team customer data isn't actually removed.
"Their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed," the hackers claimed.
The Impact Team said ALM must take Ashley Madison and Established Men, its other affairs website, offline "permanently in all forms" or it would release "all customer records". Failure to do so would result in them releasing "profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails."
The hackers claimed to have access to the full database of 37 million members, although as yet there's no way to confirm if that is accurate.
In a statement ALM confirmed the attack and said it had launched a "thorough investigation" into the "origin, nature, and scope" of the breach.
"We apologise for this unprovoked and criminal intrusion into our customers’ information," the company said. "At this time, we have been able to secure our sites, and close the unauthorised access points."
The attack on Ashley Madison comes less than two months after hackers leaked user data on more than 3.5 million accounts from AdultFriendFinder.
The stolen data revealed sexual preferences of users, whether they were gay or straight and when they were seeking extramarital affairs.
SOURCE: Wired.co.uk
