Ashley Madison invites red-faced cheats to bolt stable door for free

See that dust cloud in the distance? That's the hackers' horse, that is

Adulterous hook-up site Ashley Madison is allowing all members to fully delete their profiles without charge in the aftermath of a serious data breach that threatens the site' future.

Previously, if users wanted to delete their records (profile, pictures and messages sent through the system) they were obliged to pay around $20, but that money-spinner has been dropped in the wake of a hack that placed Ashley Madison's members in danger of exposure.

Hackers from an previously unknown group The Impact Team are threatening to leak this information unless parent firm Avid Life Media (ALM) permanently closes both Ashley Madison and site Established Men, as previously reported on El Reg.

ALM has resisted these demands and both sites remain operational despite threats by hackers to release highly-sensitive information information including "customers' secret sexual fantasies and matching credit card transactions".

ALM has confirmed the breach without specifying how much information was taken, or indeed commenting directly on the hackers' claims, other than to deny accusations that the delete option failed to remove information related to a member's profile and communications activity.

"Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed all the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online," ALN said in a statement.

Ashley Madison specifically markets its services at married people looking for an affair. The Impact Team characterises members of Ashley Madison as "cheating dirtbags" who deserve no privacy, bragging that they are poised to release info on "many rich and powerful people" unless their demands are met.

Will Gragido, head of threat intelligence research at Digital Shadows, suspects the motive of the attacks might ultimately move towards ransoming off stolen information. Unlike a recent attack against Adult FriendFinder, another hookup website, very little data from the latest hack has surfaced online - suggesting that attackers are holding onto it for later criminal abuse, Gragido reasons.

"Details are still emerging, but the Ashley Madison breach seems typical of today's more extortion and ransom-focused attacks," Gragido explained. "Certain types of data and online behaviour are simply too attractive for blackmail purposes, and adversaries know the power of psychology and emotions when making demands like this."

"Notably, this incident seems even more extortion-focused than the Adult Friend Finder (AFF) breach case, because stolen AFF data was evident in underground cybercrime forums relatively soon. We see comparatively little Ashley Madison data in circulation, suggesting the attackers want to hold as much as they can for ransom," he added.

Gragido noted that demands by the hackers that Ashley Madison ought to be shut down is a potentially ominous evolution in hacker strategy.

"What is most striking about this incident is the attackers' demand that the business of Ashley Madison itself shut down," said Gragido.

"This is very ominous because it takes us down a slippery slope: What type of business will adversaries deem 'objectionable' next, and demand its closure, in addition to holding its customers hostage with their stolen, personal information?"

Speculation is rife that an insider or former employee may have facilitated the hack.

Luke Brown, vice president & GM EMEA at Digital Guardian, commented: "The breach is suspected to be an ‘inside job’ by someone involved with ALM’s technical services, highlighting the critical need for good cybersecurity capable of mitigating this type of insider threat."

"As it stands, the breach will likely cause irreparable damage to Ashley Madison as a business," he added.

Ashley Madison is simultaneously one of the most popular dating websites on the net, and the one its users are least likely to openly admit to using, for obvious reasons.

Tod Beardsley, security engineering manager at Rapid7, the firm behind Metasploit, commented: "Dating sites also host millions of intensely private scraps of user data. Users of these services may routinely share risqué photos, checklists of sexual preferences, and patterns of romantic activity that they consider deeply personal."

"Because of this, any breach involving a dating site comes with a built-in 'ickiness' factor. Dating site users are likely to feel more violated after a breach than those caught up in a retail or government website breach, and they are less likely to reach out for help and advice on how to manage their identity information after a breach," he added.

"For Ashley Madison users in particular, this tendency to suffer silently is all but guaranteed," concluded Beardsley.

Other security experts tend to agree that ALM will have its work cut out to restore confidence in the site, a vital first step to security its long-term future.

“This hack may just kill Ashley Madison," said Dr Chenxi Wang, cloud security and strategy veep at cloud security firm CipherCloud. "The hackers are demanding the company to shut down or face public release of the very personal details of all of its 37 million customers."

"This puts AM between a rock and a hard place if it continues to operate. It’s unthinkable for any business, especially one that runs on discretion and trust, to betray its customers’ confidentiality," she added. ®

Broader topics

Other stories you might like

  • North Korea pulled in $400m in cryptocurrency heists last year – report

    Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

    In brief Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

    A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader's coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

    Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 - although part of the reason might be that they are now so valuable people are taking more care with them.

    Continue reading
  • Tesla Full Self-Driving videos prompt California's DMV to rethink policy on accidents

    Plus: AI systems can identify different chess players by their moves and more

    In brief California’s Department of Motor Vehicles said it’s “revisiting” its opinion of whether Tesla’s so-called Full Self-Driving feature needs more oversight after a series of videos demonstrate how the technology can be dangerous.

    “Recent software updates, videos showing dangerous use of that technology, open investigations by the National Highway Traffic Safety Administration, and the opinions of other experts in this space,” have made the DMV think twice about Tesla, according to a letter sent to California’s Senator Lena Gonzalez (D-Long Beach), chair of the Senate’s transportation committee, and first reported by the LA Times.

    Tesla isn’t required to report the number of crashes to California’s DMV unlike other self-driving car companies like Waymo or Cruise because it operates at lower levels of autonomy and requires human supervision. But that may change after videos like drivers having to take over to avoid accidentally swerving into pedestrians crossing the road or failing to detect a truck in the middle of the road continue circulating.

    Continue reading
  • Alien life on Super-Earth can survive longer than us due to long-lasting protection from cosmic rays

    Laser experiments show their magnetic fields shielding their surfaces from radiation last longer

    Life on Super-Earths may have more time to develop and evolve, thanks to their long-lasting magnetic fields protecting them against harmful cosmic rays, according to new research published in Science.

    Space is a hazardous environment. Streams of charged particles traveling at very close to the speed of light, ejected from stars and distant galaxies, bombard planets. The intense radiation can strip atmospheres and cause oceans on planetary surfaces to dry up over time, leaving them arid and incapable of supporting habitable life. Cosmic rays, however, are deflected away from Earth, however, since it’s shielded by its magnetic field.

    Now, a team of researchers led by the Lawrence Livermore National Laboratory (LLNL) believe that Super-Earths - planets that are more massive than Earth but less than Neptune - may have magnetic fields too. Their defensive bubbles, in fact, are estimated to stay intact for longer than the one around Earth, meaning life on their surfaces will have more time to develop and survive.

    Continue reading

Biting the hand that feeds IT © 1998–2022