A hacker is posting data from online cheating site Ashley Madison online after apparently gaining access to the company’s internal databases.
The breach comes less than two months after hackers leaked the personal data of millions of users of sex-oriented dating site Adult FriendFinder.
The company said it is “working with law enforcement agencies” to investigate the incident.
“We apologise for this unprovoked and criminal intrusion into our customers’ information,” ALM said in a statement. “The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.”
ALM added that it has now “been able to secure our sites, and close the unauthorised access points”, but didn’t offer further details.
The attacker or attacker, who used the name Impact Team, has so far released samples of account data as well as maps of internal company servers, employee network account information, company bank account data and salary details, according to reports.
ALM chief executive Noel Biderman told IT security journalist Brian Krebs, who initially reported the breach late on Sunday, that the company believes the attacker may have been a former contractor at the company.
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman told Krebs.
In a statement accompanying the leaked data, Impact Team includes an “apology… to Mark Steele (Director of Security)”, which may support the theory that a contractor was involved.
The statement accuses ALM of misrepresenting a service called Full Delete, which, for a £15 fee, is advertised as offering “removal of site usage history and personally identifiable information from the site”.
The service may remove profile information, but it does not delete payment data, which includes users’ real names and addresses, according to Impact Team.
“Users almost always pay with (a) credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed,” the group stated.
According to the statement, Impact Team has demanded Ashley Madison and Established Men be taken offline permanently, “or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails”.
The group said it has a “complete set of profiles in our DB dumps”, which means that “a significant percentage of the population is about to have a very bad day, including many rich and powerful people”.
The breach of Adult FriendFinder in May resulted in the release of users’ email addresses, usernames, dates of birth, postcodes and computer IP addresses, as well as their sexual preferences and whether they are seeking extramarital affairs.
Are you a security pro? Try our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…