In a long manifesto published alongside the stolen ALM data, the The Impact Team claims it decided to blow the lid on ALM after they discovered the firm's "full delete" feature is a complete lie. ALM charges customers $19 to delete all their profile information but the hacking team discovered that even though ALM pulled in $1.7 million in revenue from "full delete" in 2014, the customer details were never truly deleted.
The Impact Team demands the takedown of Ashley Madison and Established Men, they have no qualm with other ALM websites like Cougar Life. In case ALM does not comply, The Impact Team claims it will release all customer records, including profiles with customers' sexual fantasies, credit card details, real names, addresses, photos, employee documents, e-mails, etc.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”
“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
ALM director Noel Biderman responds his company is hard at work to protect its IP and believes they're closing in on a possible suspect:
ALM CEO Biderman declined to discuss specifics of the company’s investigation, which he characterized as ongoing and fast-moving. But he did suggest that the incident may have been the work of someone who at least at one time had legitimate, inside access to the company’s networks — perhaps a former employee or contractor.Earlier this year AdultFriendFinder was hacked as well, that resulted in the breach of personal details of around 3.5 million users.
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
As if to support this theory, the message left behind by the attackers gives something of a shout out to ALM’s director of security.
“Our one apology is to Mark Steele (Director of Security),” the manifesto reads. “You did everything you could, but nothing you could have done could have stopped this.”
Source: Krebson Security