Well, this is awkward.
Users of the online dating site AshleyMadison.com might have found not only their names, addresses and credit card details openly exposed on the world wide web, but also their most secret sexual fantasies. What’s worse, Ashley Madison is not your average dating website: Its official slogan boldly challenges visitors to “have an affair”, because “life is short”.
The website boasts to be “the world’s leading married dating service for “discreet” encounters.” How secure it is, is further emphasized by colourful banners on the main page, promising that it is “100% discreet” and has the “trusted security award”.
Now they might want to consider taking those banners and promises off the website. Or, as the hackers demand, take it down completely. If they fail to do so, the hackers, who call themselves the “Impact Team”, will expose more and more user information on a daily basis until all customer records have been released.
In a statement sent to KrebsOnSecurity, the hackers accuse the site of lying to its users: For a fee of $19 it promised to delete all personal information, when it was in fact it was kept in the system.
This incident is just the latest of several hacking attacks aimed at dating websites. Back in 2013, a security breach at Cupid Media, which runs several dating websites, revealed personal information of over 42 million accounts. In February, the Russian dating website Topface bought back 20 million stolen e-mail addresses and in May the online sex portal Adult Friend Finder had to admit that the data of their 3.5 million users had been exposed.
While Avid Life Media, the company behind Ashley Madison admits that currently no companies are safe from being hacked, the insist that they have invested in the latest privacy and security technology. As Wired points out though, most dating websites fail to have even the most basic encryption of their user’s data
So if there is a lesson to be learned here, it may be to stay away from online dating websites. If that is not an option, we suggest having a look at our Ultimate Privacy Guide. A fake name and address, an alternative e-mail address, a VPN connection and anonymous payment methods may go a long way in saving you some embarrassment.