Ashley Madison, a website for married people who want to have a little extra-marital fun, was reportedly hacked over the weekend, and the group responsible is now threatening to leak information about users.
The incident came despite heavy security measures put in place by the company that owns Ashley Madison--Avid Life Media--and officials are now investigating to try and pinpoint how the hackers gained access to their system.
"We were recently made aware of an attempt by an unauthorized party to gain access to our systems. At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act," Avid Life said in a statement.
The hackers--who call themselves "Impact Team"--say that the website offers a service which will delete all user data for a $19 fee, earning the company a hefty paycheck at the end of the year. However, the profiles may be deleted, but their credit card information is still stored. This will allow the group to "release customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails."
image via KrebsOnSecurity
With 37 million users, Ashley Madison has a lot to lose if they don't comply with the hackers demand to take down the site; not only is there a huge opportunity for identity theft, but their highly-touted security measures will have taken a big hit.
The security breach comes after a similar one at AdultFriendFinder, which saw some 4 million members' personal information leaked.
“Until the investigation is completed, it will be difficult to confirm the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more. Protecting our members’ information is our top priority and we will continue to take the appropriate steps," a spokesman said in May.