NEW YORK (AP) — The parent company of Ashley Madison, a matchmaking website for cheating spouses, says it was hacked and that the personal information of some of its users was posted online.
In addition, the person or persons behind the attack are threatening to release all of the site's personal information — including its members' sexual fantasies and financial information — if the company doesn't take Ashley Madison offline, according to a prominent security blog.
Toronto-based Avid Life Media Inc. says it has had the hackers' posts — which included snippets of personal information — taken down and has hired a technology security firm. The company and law enforcement agencies are investigating.
The breach was first reported late Sunday by Brian Krebs of KrebsonSecurity, a website that focuses on cybersecurity. Ashley Madison, whose slogan is "Life is short. Have an affair," purports to have 37 million members.
The hacking follows the May breach of the dating website Adult FriendFinder, which involved the theft of names, email addresses and information about the sexual orientation or habits of up to 4 million of that site's members.
According to Krebs, the hacker or hackers, in the Ashley Madison breach identified as "The Impact Team," posted large caches of data from the Ashley Madison site, claiming to have compromised user databases, financial records and other information.
Besides random personal data from members, the hackers also posted maps of the company's internal servers, employee network account information, company bank account data and salary information, Krebs says.
The hacker or hackers also posted a manifesto alongside the data, accusing Avid Life Media of lying to its customers about a $19 service that would scrub all of their personal information from its data bases, saying that the data doesn't actually go away," Krebs says.
The hackers say that if Avid Life does not take its Ashley Madison and Established Men sites offline, it will release all of the company's information — including customer records, nude photos, sexual desires, online conversations, matching credit card transactions, real names and addresses, along with employee documents and emails — according to a screen capture of the hackers' manifesto posted by Krebs.
Avid Life released a statement Monday morning saying that it has been able to secure its sites and close the back doors into its systems.
"We are working with law enforcement agencies, which are investigating this criminal act," the company's statement reads. "Any and all parties responsible for this act of cyber-terrorism will be held responsible."