AshleyMadison, noted online home of serial adulterers, has confirmed that yes, someone did rummage through its 37 million-strong blackmail database. But the company also denies that it was swindling customers over the 'paid-delete' option, and has managed to take down any information leaked thus far.
In a statement issued earlier today, AshleyMadison owners Avid Life Media (ALM) confirmed a "criminal intrusion" into its systems, although it doesn't comment on the extent of any data loss.
We originally learned about the hack thanks to a post from the hackers themselves, a group dubbed The Impact Team, who posted a sample of information online, along with a manifesto demanding the takedown of AshleyMadison and related site CougarLife. That post quickly vanished, along with the leaked user data. Keeping a secret on the internet -- especially one with such salicious details -- isn't normally easy, but ALM seems to have succeeded, using the Digital Millennium Copyright Act to quash any mirrors.
In its slightly-rambling manifesto, The Impact Team claimed that ALM's paid-delete option, a $US19 service that promised the deletion of your personal info from ALM's servers (which, for the record, sounds like bullshit from the outset), was actually a bunch of crap. According to the hackers, ALM retained credit card and address info even after you'd paid your $US19 -- but according to ALM, that's not the case: "Contrary to current media reports, and based on accusations posted online by a cyber criminal, the "paid-delete" option offered by AshleyMadison.com does in fact remove all information related to a member's profile and communications activity. "
The full statement is posted below:
We were recently made aware of an attempt by an unauthorised party to gain access to our systems. We apologise for this unprovoked and criminal intrusion into our customers' information. We have always had the confidentiality of our customers' information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world.
At this time, we have been able to secure our sites, and close the unauthorised access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber -- terrorism will be held responsible. Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online.
Contrary to current media reports, and based on accusations posted online by a cyber criminal, the "paid-delete" option offered by AshleyMadison.com does in fact remove all information related to a member's profile and communications activity. The process involves a hard-delete of a requesting user's profile, including the removal of posted pictures and all messages sent to other system users' email boxes. This option was developed due to specific member requests for just such a service, and designed based on their feedback.
As our customers' privacy is of the utmost concern to us, we are now offering our full-delete option free to any member, in light of today's news.