The company behind Ashley Madison, a popular online dating service marketed to people trying to cheat on their spouses, said on Monday that the site had been breached by hackers who may have obtained personal data about the service’s millions of members.
The group of hackers behind the attack, going by the name Impact Team, said they had stolen information on the 37 million members of Ashley Madison. To prevent the data from being released, the hackers said, the company needed to shut down the site entirely.
The hackers promised to release the real names, passwords and financial transactions of members if Ashley Madison did not meet that demand. The hackers have leaked some information online already, but that data did not appear to be the bulk of what was collected.
The corporate parent of Ashley Madison, Avid Life Media, said on Monday that it had adjusted its policy for deleting user data, an apparent complaint of the hackers, but the company gave no indication that it planned to close the site.
“We immediately launched a thorough investigation,” the company said, “utilizing leading forensics experts and other security professionals to determine the origin, nature and scope of this incident.”
While nearly every dating website ends up facilitating its fair share of cheaters, Ashley Madison, based in Toronto, has made a name for itself by specifically catering to two-timers.
That business niche has angered not only some consumers, but other companies as well. Football stadiums and soccer teams have turned down sponsorship offers. Both NBC and FOX, after being approached about broadcasting Super Bowl spots, have rebuffed the website.
Nevertheless, since 2001, Ashley Madison has steadily grown to 37 million accounts, according to a figure advertised on the front page of the website. Anyone 18 or older can join the free site discreetly, using a pseudonym. There, the users can list turn-ons and sexual preferences. Only once users start chatting and trading photos do they begin racking up fees — along with, potentially, some marital guilt.
The site has long told users that they can scrub their profiles from the site for $19. But the hackers say that the user information is never actually deleted — knowledge, security experts said, that suggested the breach may have involved someone inside the company.
Ashley Madison said that when users delete accounts, all information is erased. Still, on Monday, the website waived its deletion fee for all members.
The breach, and the hackers complaints about the data policy, was first reported on Sunday by Brian Krebs, a reporter who covers online security.