On Sunday night, a group of hackers claimed to have stolen millions of users' private data from Ashley Madison, the site that helps cheaters find a fling, reports security news site Krebs on Security.
The group responsible for the attack is known as the Impact Team, an online group of Internet hackers. They claim to have gained access to personal information from the site's 37 million users, including "customers' secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails."
The hackers released a portion of the data stolen from Avid Life Media, the firm that owns several "hookup sites" including Ashley Madison and Established Men, as well as a manifesto explaining their reasons for releasing the information.
One portion reads:
"We are the Impact Team. We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails ... Shutting down AM [Ashley Madison] and EM [Established Men] will cost you, but non-compliance will cost you more: We will release all customer-records, profiles with all the customers' secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails. Avid Life Media will be liable for fraud and extreme harm to millions of users."
Avid Life Media offers an option on both Ashley Madison and Established Men to do a "complete erase," which essentially wipes all prior history of any transactions or access a user has had to the website. The Impact Team claims this is a complete lie, however, and says the site actually holds onto user credit card history and personal information.
Ironically, the group is threatening to release users' personal information in order to make a point about collecting personal information from users.
Avid Life Media's Noel Biderman told Krebs on Security, "We're not denying this happened, like us or not, this is still a criminal act."
The attack comes just two months after another group of hackers stole and released the personal information and profile data from millions of users on AdultFriendFinder, a similar nontraditional dating service.
Krebs on Security also reports the hackers leaked "maps of internal company servers, employee network account information, company bank account data and salary information." However, most of those links were no longer accessible within a few hours after release.
Avid Life Media released this press release Monday morning following the attack: