Cheating husbands and wives could be getting their just desserts as controversial dating site Ashley Madison, which uses the advertising slogan "Life is short. Have an affair," is the latest brand to be thrust into the hacking limelight following an “unprovoked and criminal intrusion” into its systems.
The Avid Life Media (ALM) owned company, which promotes infidelity and became renowned following its catchy, and somewhat crass, ad jingle “I'm looking for someone other than my wife”, was yesterday made aware of an attempt by an unauthorised party attempting to gain access to its systems.
The bungle means customer information was accessed and it is thought the hackers may have obtained information including customers' secret sexual fantasies and matching credit card transactions.
The hackers, who called themselves The Impact Team, said they had managed to steal the real names and addresses of the site's users, including those who had previously paid a fee to delete their accounts.
While many people question the Ashley Madison site's moral standing, it's users still deserve privacy they were promised and the site's failure to provide that is a serious issue.
Millions of users targeted
An online letter, thought to be from the hackers, which AdNews found online, said: “We are the Impact Team. We have hacked them completely, taking over their entire office and production domains and thousands of systems, and over the past few years have taken all customer information databases, complete source code repositories, financial records, documentation, and emails, as we prove here. And it was easy. For a company whose main promise is secrecy, it's like you didn't even try, like you thought you had never pissed anyone off.”
The letter went on to say that despite some of ALM's sites specifically promising "removal of site usage history and personally identifiable information from the site", that this is not true and claims it has all records. It even goes on to include addresses and fantasies associated with profiles.
“Too bad for those men. They're cheating dirtbags and deserve no such discretion," the hackers said. Too bad for ALM, you promised secrecy but didn't deliver. We've got the complete set of profiles in our DB dumps, and we'll release them soon if Ashley Madison stays online."
With more than 37 million members, mostly from the US and Canada, it added that a significant percentage of the population was “about to have a very bad day, including many rich and powerful people”.
In full PR crisis mode, ALM confirmed there had been an "intrusion" but has not revealed the full extent of what data was compromised.
“We apologise for this unprovoked and criminal intrusion into our customers’ information. We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world,” the company said.
It said it was able to secure its sites, close the unauthorised access points and stressed it is now working with law enforcement agencies, which are investigating the “criminal act”.
“Any and all parties responsible for this act of cyber–terrorism will be held responsible,” an ALM spokesperson added.
It said that contrary to current media reports, and based on accusations posted online by a "cyber criminal", the paid-delete option offered by AshleyMadison.com does in fact remove all information related to a member’s profile and communications activity.
“The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes. This option was developed due to specific member requests for just such a service, and designed based on their feedback,” an ALM spokesman said.
Brand loyalty shot
PR experts, who did not want to be named, said this would be a brand's worst nightmare and is “chaos” for a brand. She said the days of ALM's brand loyalty could be well and truly shot.
“It's far worse than a supermarket or retail data breach as not only is it a dating site, but as it promotes extra martial affairs, it has incredibly serious implications and wide-ranging and life-shattering impacts if personal profiles are unearthed,” one said.
“We have a crisis implementation process, but when it comes to a data breach there is actually only so much we can do as it hangs on external groups – i.e. IT and top management to actually get a handle on it. If that happened at my company we would need an external IT company that we work with to come in immediately as the guys we have could not to delve into such sophisticated hacking systems and would not be able to rectify this on their own.
“Our job PR-side is to calm and reassure as best we can and let people know that we have a handle on it. ALM have done two PR updates on its site so far, which in my mind is nowhere near enough.”
An ALM spokesman added that customers’ privacy was of the “utmost concern” and as such, is now offering its full-delete option free to any member, in light of the news – but it might just be a little too late.
“Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident and we will continue to provide updates as they become available.” a spokesman added.”
Just last month a zombie-themed Ashley Madison ad which “depicts marriage as dead”, drew the ire of the Advertising Standards Bureau (ASB) for its inappropriate depiction of violence.
The TV commercial shows a zombie woman going through her normal, mundane life. At one point she holds a baseball bat over her sleeping partner until she notices a television advert for Ashley Madison, where she is then shown, transformed back to normal, with the assumption she has had an affair.
The advert received several complaints for its depiction of violence and treatment of sex. In response to the most recent determination Ashley Madison removed the scene showing the woman holding the baseball bat, but will continue running the updated ad.
What do you make of the the data breach saga? Comment below and share your views.
Have something to say on this? Share your views in the comments section below. Or if you have a news story or tip-off, drop us a line at firstname.lastname@example.org