Over 37 million accounts compromised
"Like us or not, this is still a criminal act." Those are the words of Noel Biderman, CEO of Avid Life Media, the Toronto-based firm that owns AshelyMadison.com, a hookup website with the tagline, "Life is short. Have an affair." He said them in a statement to KrebsOnSecurity after it was discovered that a person or band of hackers broke into the site's database and stole personal details of more than 37 million members.
The person or people responsible used the name The Impact Team. There's already been a data dump containing personal information about a large number of users, but there's a lingering threat to publicize the details of each and every member if Ashley Madison doesn't shut itself down.
While The Impact Team clearly takes issue with the site helping to facilitate affairs, it's an an allegedly misleading $19 service that purports to erase all details about a customer that seems to have prompted the attack.
"Too bad for those men, they’re cheating dirtbags and deserve no such discretion," The Impact Team stated in a manifesto posted to Ashley Madison. "Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the U.S. and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people."
Since the attack took place, Ashley Media said its been able to "secure" its sites "and close unauthorized access points." It's currently working with law enforcement agencies to track down the person or people responsible. ALM also issued the following update today:
Following the earlier unprovoked and criminal intrusion into our system, Avid Life Media immediately engaged one of the world’s top IT security teams to take every possible step toward mitigating the attack.
Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online. We have always had the confidentiality of our customers’ information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter.
Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident and we will continue to provide updates as they become available.
The security breach comes less than two months after hackers stole and leaked information about millions of members of another hookup site, AdultFriendFinder.
Follow Paul on Google+, Twitter, and Facebook
From maximumpc
from http://bit.ly/1HELZxl
