Sign up for our newsletter
Technology / Cybersecurity

Ashley Madison hits back at ‘act of cyber-terrorism’

Ashley Madison has reversed a decision to charge users to delete their data from its systems, after hackers threatened to leak the information of 37 million of its customers.

The move came after The Impact Team seemingly leaked files online in apparent protest at the "paid-delete" function on the site, which charged users £15 to scrub credit card details, personal data and information on their sexual habits.

Responding to the attackers, who demanded the shutdown of Ashley Madison and its sister site Established Men, the site’s owner claimed to have secured to site and shut down unauthorised access points, dubbing the hack an "act of cyber-terrorism".

"Using the Digital Millennium Copyright Act, our team has now successfully removed the posts related to this incident as well as all personally identifiable information about our users published online," said Avid Life Media, owner of Ashley Madison and other dating sites.

White papers from our partners

The company went on to dispute the accusation from the hackers, that it was not fully scrubbing customer data from the site after charging them for its deletion.

"The ‘paid-delete’ option offered by AshleyMadison.com does in fact remove all information related to a member’s profile and communications activity," it said.

"The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes."

Other remarks from the firm have led the cybersecurity industry to believe that the attack is an example of "insider threat", Avid Life having claimed the suspected culprit "was not an employee but certainly had touched our technical services."

Following the news the security vendor Centrify revealed that a third of British companies believed it would be "easy" for a former employee to access their systems because of laxity in deactivating unused accounts, with half of American firms surveyed saying the same.

"Giving employees elevated access to privileged accounts and the organisation’s most critical data, applications systems and network devices is essentially giving them the ‘keys to the kingdom’," said Barry Scott, CTO EMEA at Centrify.

"It’s the equivalent of providing the front door key to your house – and you’d be very, very careful who you gave that to."

Avid Life said it is working with law enforcement to investigate the attack.
This article is from the CBROnline archive: some formatting and images may not be present.