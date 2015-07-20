(Adds company comment throughout)
By Alastair Sharp
TORONTO, July 20 Cheating spouses website
AshleyMadison.com, facing hackers' threats to leak clients' nude
photos and sexual fantasies, said it is heartened by some
initial public response that sees the site as a victim.
The website's Canadian parent, Avid Life Media, confirmed a
breach of its systems that has put the real names, credit card
information and other details of as many as 37 million customers
at risk. Avid Life said it has since secured the sites and
closed unauthorized access points.
The dating website company has hired UK cybersecurity firm
Sycura to investigate the breach, first reported by the
KrebsonSecurity blog, and is working with police to trace those
behind the attack, spokesman Paul Keable said.
AshleyMadison.com, which uses the slogan "Life is short.
Have an affair," has been planning to raise up to $200 million
through an initial public offering on the London Stock Exchange.
A group calling itself Impact Team said it had taken over
Avid Media systems, including customer databases, source code,
financial records and emails, according to a screen grab shown
on the KrebsOnSecurity blog.
"Shutting down AM (Ashley Madison) and EM (Established Men)
will cost you, but non-compliance will cost you more," the
hackers said. Established Men, widely described as a "sugar
daddy site," is another Avid Media property.
The hackers leaked snippets of the compromised data online
and warned that they would release customers' real names,
profiles, nude photos, credit card details and "secret sexual
fantasies" unless AshleyMadison and EstablishedMen.com are taken
down, Krebs said.
CUSTOMER PRIVACY CRUCIAL
"There's a very strong narrative that criminal activity,
vigilantism, is not the way forward, because who gets to be the
judge and jury?" Keable said at Avid Life's midtown Toronto
offices, citing articles in what he called "major media
outlets."
The hackers said that a "paid delete" function will not
remove all information about a member's profile and
communications.
Avid Life said that claim is untrue and it would offer the
function free of charge following the breach. The dating website
owner has about 160 employees, mostly in Toronto but also in
Cyprus, Brazil, Japan and elsewhere.
Keable said it was too early to estimate the damage to the
company's business model or IPO plans from the breach.
But one Canadian investment banker, who asked not to be
named, said the breach could put those plans at risk.
"There are a lot of risqué websites that are looking to go
public, the problem here is that the way Ashley Madison works is
it puts customer privacy as tantamount, the fact that you have a
hacking scandal at least temporarily puts the kibosh on any IPO
plans for them," the banker said.
In an interview with KrebsOnSecurity, Avid Life Chief
Executive Noel Biderman was cited as saying the company
suspected someone who had had access to internal networks as
being behind the breach.
"It was definitely a person here that was not an employee
but certainly had touched our technical services," he said.
Unauthorised posts and images on the website detailing the
hacker's demands have since been removed.
"We apologise for this unprovoked and criminal intrusion
into our customers' information," Avid Life said.
The breach comes about two months after dating site Adult
FriendFinder was compromised. That site has an estimated 64
million members.
