View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Ashley Madison hits back at ‘act of cyber-terrorism’

Dating firm drops data deletion charge after hack hits 37 million.

By Jimmy Nicholls

Ashley Madison has reversed a decision to charge users to delete their data from its systems, after hackers threatened to leak the information of 37 million of its customers.

The move came after The Impact Team seemingly leaked files online in apparent protest at the "paid-delete" function on the site, which charged users £15 to scrub credit card details, personal data and information on their sexual habits.

Responding to the attackers, who demanded the shutdown of Ashley Madison and its sister site Established Men, the site’s owner claimed to have secured to site and shut down unauthorised access points, dubbing the hack an "act of cyber-terrorism".

"Using the Digital Millennium Copyright Act, our team has now successfully removed the posts related to this incident as well as all personally identifiable information about our users published online," said Avid Life Media, owner of Ashley Madison and other dating sites.

The company went on to dispute the accusation from the hackers, that it was not fully scrubbing customer data from the site after charging them for its deletion.

"The ‘paid-delete’ option offered by AshleyMadison.com does in fact remove all information related to a member’s profile and communications activity," it said.

"The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes."

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Other remarks from the firm have led the cybersecurity industry to believe that the attack is an example of "insider threat", Avid Life having claimed the suspected culprit "was not an employee but certainly had touched our technical services."

Following the news the security vendor Centrify revealed that a third of British companies believed it would be "easy" for a former employee to access their systems because of laxity in deactivating unused accounts, with half of American firms surveyed saying the same.

"Giving employees elevated access to privileged accounts and the organisation’s most critical data, applications systems and network devices is essentially giving them the ‘keys to the kingdom’," said Barry Scott, CTO EMEA at Centrify.

"It’s the equivalent of providing the front door key to your house – and you’d be very, very careful who you gave that to."

Avid Life said it is working with law enforcement to investigate the attack.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU