No doubt the revelation of a data breach at the online dating site, Ashley Madison has 37 million people looking over their shoulder about now.
Unlike some dating sites where singles are put in touch with each other, Ashley Madison exists to facilitate affairs between people who are already attached to someone else. The site's motto, "Life is short. Have an affair," explains it all.
While the Ashley Madison breach is hardly the first dating site to be breached, it has significant potential to cause damage that goes far beyond some stolen credit card numbers, although that risk exists.
The people who did the hacking, a shadowy bunch called the Impact Team, are threatening to expose all of the information they stole from the site, including names and contact information, but also including credit card numbers, compromising photos, and detailed preferences that most people would prefer not to be made public.
At least some of this information has been posted publicly, according to security researcher and blogger Brian Krebs, who first reported the breach. Unlike most breaches where the goal is money, the Impact Team is demanding that Ashley Madison shut down the site and other similar companion sites.
ALM reported the breach on its website, and has since updated its statements to say that it has used the provisions of the Digital Millennium Copyright Act to remove the posts related to the incident and to remove the information that was posted online.
Considering that both ALM and the Ashley Madison site are located in Toronto, Ontario, it's unclear how the company was using a U.S. law in Canada. The company has not responded to questions from eWEEK regarding this point.
However, the company did respond to an email about the incident saying that reports about the material that was breached were incorrect. According to spokesman Andrew Ricci, who responded to eWEEK by email, assertions that ALM did not actually remove user data from their servers even when they were paid to do so were wrong. In addition, ALM is offering the full deletion option to its customers for free. The service, which the spokesman referred to as a hard delete, was previously a paid service.
However, the spokesman was unable to confirm whether ALM was offering any sort of credit monitoring, despite the exposure of credit card numbers and other personally identifiable information.