Hackers have breached the security of AshleyMadison.com, an online dating site that promotes infidelity among married people, and are threatening to disclose sensitive customer data if the site doesn't immediately shut down.
Avid Life Media (ALM), Ashley Madison's Toronto-based parent company, is in damage-control mode, and released a statement on Monday assuring its custumers that it is taking "every possible step toward mitigating the attack."
With 37 million members, Ashley Madison is the most high-profile dating site marketed to cheating spouses ("Life is short. Have an affair."). It boasts over 124 million visits a month and operates in 30 languages.
In addition to Ashley Madison, ALM operates sites such as CougarLife.com, a site "for women looking to date younger men," and EstablishedMen.com, a "service that connects young, beautiful women with rich, successful men."
The hackers, identifying themselves on as "The Impact Team," issued the following ultimatum:
"Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online."
ALM Ashley called the hack, which was first reported by the online security blogger Brian Krebs, an act of "cyber-terrorism," and promised to hold the hackers accountable.
"We're not denying this happened," ALM CEO Noel Biderman told Krebs. "Like us or not, this is still a criminal act."
The Ashely Madison site has long been a source of controversy for its blatant promotion of adultery. Given its business model — discretely facilitating affairs among married people — the site's data is particularly sensitive.
The Impact Team posted online a small sample of the information from Ashley Madison, Established Men, and Cougar Life.
The group also released a manifesto justifying their action. "Too bad for those men, they're cheating dirtbags and deserve no such discretion," it read.
According to the manifesto, the hackers were particularly upset about Ashley Madison's "full delete" feature, in which users pay $19 to erase personal information and usage history from the site. The Impact Team called the feature misleading, accusing the company of keeping purchase details, real names, and addresses of customers after they had purchased the "full delete" feature.
"Full Delete netted ALM $1.7 million in revenue in 2014. It's also a complete lie," the manifesto read.
"Too bad for ALM, you promised secrecy but didn't deliver," it went on. "We've got the complete set of profiles in our DB dumps, and we'll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people."
ALM would not discuss the group's assertions about the company's "full delete" feature with VICE News, but said that it had the situation under control.
"We have been able to secure our sites and close the unauthorized access points," the company said in a statement.
"Our team has now successfully removed all posts related to this incident as well as all personally identifiable Information about our users published online," it added.
As of Monday morning, the Impact Team's manifesto and data-dump were not accessible online.