Ashley Madison Dating Site Members Face Multiple Security Threats

NEWS ANALYSIS: Subscribers to the Ashley Madison "cheaters" dating site have plenty of reasons to worry about the privacy and security of their personal data.

Ashley Madison Breach 2

No doubt the revelation of a data breach at the online dating site, Ashley Madison has 37 million people looking over their shoulder about now.

Unlike some dating sites where singles are put in touch with each other, Ashley Madison exists to facilitate affairs between people who are already attached to someone else. The site's motto, "Life is short. Have an affair," explains it all.

While the Ashley Madison breach is hardly the first dating site to be breached, it has significant potential to cause damage that goes far beyond some stolen credit card numbers, although that risk exists.

The people who did the hacking, a shadowy bunch called the Impact Team, are threatening to expose all of the information they stole from the site, including names and contact information, but also including credit card numbers, compromising photos, and detailed preferences that most people would prefer not to be made public.

At least some of this information has been posted publicly, according to security researcher and blogger Brian Krebs, who first reported the breach. Unlike most breaches where the goal is money, the Impact Team is demanding that Ashley Madison shut down the site and other similar companion sites.

But the group is also promising to expose the complete contents of the databases belonging to Avid Life Media which owns Ashley Madison, and its companion sites, Cougar Life and Established Men.

ALM reported the breach on its website, and has since updated its statements to say that it has used the provisions of the Digital Millennium Copyright Act to remove the posts related to the incident and to remove the information that was posted online.

Considering that both ALM and the Ashley Madison site are located in Toronto, Ontario, it's unclear how the company was using a U.S. law in Canada. The company has not responded to questions from eWEEK regarding this point.

However, the company did respond to an email about the incident saying that reports about the material that was breached were incorrect. According to spokesman Andrew Ricci, who responded to eWEEK by email, assertions that ALM did not actually remove user data from their servers even when they were paid to do so were wrong. In addition, ALM is offering the full deletion option to its customers for free. The service, which the spokesman referred to as a hard delete, was previously a paid service.

However, the spokesman was unable to confirm whether ALM was offering any sort of credit monitoring, despite the exposure of credit card numbers and other personally identifiable information.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...