In-depth security news and investigation
Online Cheating Webpagina AshleyMadison Hacked
Large caches of gegevens stolen from online cheating webpagina AshleyMadison.com have bot posted online by an individual or group that claims to have downright compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be fairly hurting to some 37 million users of the hookup service, whose slogan is “Life is brief. Have an affair.”
The gegevens released by the hacker or hackers – which self-identify spil The Influence Team – includes sensitive internal gegevens stolen from Avid Life Media (ALM), the Toronto-based hard that possesses AshleyMadison spil well spil related hookup sites Cougar Life and Established Studs.
Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman confirmed the hack, and said the company wasgoed “working diligently and feverishly” to take down ALM’s intellectual property. Indeed, ter the brief span of 30 minutes inbetween that geschreven vraaggesprek and the publication of this story, several of the Influence Team’s Web linksom were no longer responding.
“We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”
Besides snippets of account gegevens evidently sampled at random from among some 40 million users across ALM’s trio of properties, the hackers leaked maps of internal company servers, employee network account information, company bankgebouw account gegevens and salary information.
The compromise comes less than two months after intruders stole and leaked online user gegevens on millions of accounts from hookup webpagina AdultFriendFinder.
Te a long manifesto posted alongside the stolen ALM gegevens, The Influence Team said it determined to publish the information te response to alleged lies ALM told its customers about a service that permits members to entirely erase their profile information for a $Nineteen toverfee.
According to the hackers, albeit the “full delete” feature that Ashley Madison advertises promises “removal of webpagina usage history and personally identifiable information from the webpagina,” users’ purchase details – including vivo name and address – aren’t actually scrubbed.
“Full Delete netted ALM $1.7mm te revenue ter 2014. It’s also a accomplish lie,” the hacking group wrote. “Users almost always pay with credit card, their purchase details are not eliminated spil promised, and include auténtico name and address, which is of course the most significant information the users want liquidated.”
Their requests proceed:
“Avid Life Media has bot instructed to take Ashley Madison and Established Dudes offline permanently te all forms, or wij will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, actual names and addresses, and employee documents and emails. The other websites may stay online.”
A snippet of the message left behind by the Influence Team.
It’s unclear how much of the AshleyMadison user account gegevens has bot posted online. For now, it shows up the hackers have published a relatively petite percentage of AshleyMadison user account gegevens and are programma to publish more for each day the company stays online.
“Too bad for those fellows, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t produce. Wij’ve got the accomplish set of profiles ter our DB dumps, and wij’ll release them soon if Ashley Madison stays online. And with overheen 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
ALM CEO Biderman declined to discuss specifics of the company’s investigation, which he characterized spil ongoing and fast-moving. But he did suggest that the incident may have bot the work of someone who at least at one time had legitimate, inwards access to the company’s networks – perhaps a former employee or contractor.
“We’re on the doorstep of [confirming] who wij believe is the culprit, and unluckily that may have triggered this mass publication,” Biderman said. “I’ve got their profile right te vooraanzicht of mij, all their work credentials. It wasgoed certainly a person here that wasgoed not an employee but certainly had touched our technical services.”
Spil if to support this theory, the message left behind by the attackers gives something of a shout out to ALM’s director of security.
“Our one apology is to Mark Steele (Director of Security),” the manifesto reads. “You did everything you could, but nothing you could have done could have stopped this.”
Several of the leaked internal documents indicate ALM wasgoed hyper aware of the risks of a gegevens breach. Ter a Microsoft Excel document that evidently served spil a questionnaire for employees about challenges and risks facing the company, employees were asked “In what area would you hate to see something go wrong?”
Trevor Stokes, ALM’s chief technology officer, waterput his worst fears on the table: “Security,” he wrote. “I would hate to see our systems hacked and/or the leak of private information.”
Te the wake of the AdultFriendFinder breach, many wondered whether AshleyMadison would be next. Spil the Wall Street Journal noted te a May schrijven titled “Risky Business for AshleyMadison.com,” the company had voiced plans for an initial public suggesting ter London zometeen this year with the hope of raising spil much spil $200 million.
“Given the breach at AdultFriendFinder, investors will have to think of hack attacks spil a risk factótum,” the WSJ wrote. “And given its business’s reliance on confidentiality, prospective AshleyMadison investors should hope it has adequately, er, girded its loins.”
Update, 8:58 a.m. ET: ALM has released the following statement about this attack:
“We were recently made aware of an attempt by an unauthorized party to build up access to our systems. Wij instantaneously launched a thorough investigation utilizing leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident.”
“We apologize for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one te which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have bot attacked, despite investing ter the latest privacy and security technologies.”
“We have always had the confidentiality of our customers’ information foremost ter our minds, and have had stringent security measures ter place, including working with leading IT vendors from around the world. Spil other companies have experienced, thesis security measures have unluckily not prevented this attack to our system.”
“At this time, wij have bot able to secure our sites, and close the unauthorized access points. Wij are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber–terrorism will be held responsible.”
“Avid Life Media has the utmost confidence te its business, and with the support of leading experts te IT security, including Joel Eriksson, CTO, Cycura, wij will proceed to be a leader ter the services wij provide. “I have worked with leading companies around the world to secure their businesses. I have no doubt, based on the work I and my company are doing, Avid Life Media will proceed to be a strong, secure business,” Eriksson said.”
This entry wasgoed posted on Sunday, July 19th, at 11:40 pm and is filed under Gegevens Breaches. You can go after any comments to this entry through the RSS Two.0 feed. Both comments and pings are presently closed.