CYBER ATTACK
image

Cybersecurity

Cheating site Ashley Madison revokes controversial data-wipe fee after hack attack, claims it's the victim

PUBLISHED : Tuesday, 21 July, 2015, 3:11pm
UPDATED : Tuesday, 21 July, 2015, 3:26pm

Customers worried about the privacy of their data following the hacking of infidelity dating site Ashley Madison can now have their information deleted from its servers for free, the company said on Tuesday. 

The site, which claims to have over 37 million users worldwide, including half a million subscribers in Hong Kong, has changed tack following an attack by hackers over the weekend.

"As our customers' privacy is of the utmost concern to us, we are now offering our full delete option free to any member," Ashley Madison's parent company, Avid Life Media, said in a statement. 

Despite the embarrassing hack, the site said it is confident of receiving a sympathetic public response that it is a victim of blackmail.

The attack seems to have been motivated in part by Ashley Madison charging users to remove their information.

The site, whose slogan is "Life is short, have an affair", does not operate on the Chinese mainland.

READ MORE: Adultery website attacked as threat to Hong Kong family life

Hacking group Impact Team, which has claimed responsibility for the attack, said the full delete did not remove all user data. 

“Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed,” the hackers said. 

ALM refuted this claim in the statement, and vowed to pursue "any and all parties responsible for this act of cyber-terrorism". 

Before the incident, Ashley Madison charged users US$20 to remove all their data from its servers, a policy that had led to criticism from privacy campaigners. 

Impact Team claimed the company made more than US$1.7 million from the feature in 2014.

The dating website company has hired UK cybersecurity firm Sycura to investigate the breach, first reported by the KrebsonSecurity blog, and is working with police to trace those behind the attack, spokesman Paul Keable said.

The dating website owner has about 160 employees, mostly in Toronto but also in Cyprus, Brazil, Japan and elsewhere.

Keable said it was too early to estimate the damage to the company’s business model or IPO plans from the breach.

But one Canadian investment banker, who asked not to be named, said the breach could put those plans at risk.

“There are a lot of risqué websites that are looking to go public, the problem here is that the way Ashley Madison works is it puts customer privacy as [paramount], the fact that you have a hacking scandal at least temporarily puts the kibosh on any IPO plans for them,” the banker said.