Love cheats' hookup site hacked, user data purloined


#1

[Read the post]


#2

A fee to remove personal data?

Burn it down.


#3

Sleazy people running a sleazy service catering to sleazy people? No way!


#4

I thought it was weird that sleazy people would trust the sleazy service to keep their info private.


#5

I’m having a hard time mustering sympathy here.


#6

Remind me to use a fake name when I go to the doctor next.


#7

So they’re mad that SOMEBODY ELSE might try to get in on their racket of extorting their customers for money…


#8

That data is worth millions of dollars. Imagine all of the suspicious spouses logging into a created site to see if their spouse’s name popped up in the list of users.


#9

Or that’s what they say anyway.


#10

This situation is going to involve some epic popcorn. I’ll be interested to see if any notable-and-prominent types show up on the client list(the one from their ‘sugar daddy’ subsite is probably a particularly neat intersection of the great and the good and their sordid passtimes); or whether Sen. Wholesome suddenly develops a (wholly unrelated) interest in the urgency of Shutting Down All The Hackers.

That said, the behavior of the attacker is actually a bit curious; and it makes me wonder what their motive is. Obviously, most any hack involves some level of at least theoretical legal exposure. Hitting a really, really, juicy dataset on the web’s premier adultery solutions provider in the run-up to their rumored IPO is probably going to be good for more than usual. Not the sort of risk you would be well advised to run casually. That said, going public with the existence of the hack and demanding a shutdown seems unlikely to be the option with the highest payoff. If you were going for extortion, you would want to keep it quiet(unless what we are seeing is the ‘you didn’t take my offer seriously, now what do you say?’ phase of negotiations). If you were going to sell the data for spearphishing or individualized blackmail, you’d also want to keep it quiet and let your customers do that.

My assumption would be that somebody inside the organization is feeling particularly burned by them and thus willing to attack directly rather than go for maximum payoff; but I would be interested to see who it is if they do get an ID.


#11

I appreciate the irony, but I’m a little confused about the hacker’s aims.

It seems that they are upset that Ashley Madison doesn’t respect their customers’ desires to be able to safely delete their own data — i.e. that Ashley Madison doesn’t treat customers’ privacy well — so they’re threatening to release all the customer’s data?

It just seems like an odd way to fight for privacy.


#12

I’ve heard about that full-delete option before. Unlike the impression people seem to have of it here I actually think it’s reasonable. Deleting your profile deletes your profile. Full delete reaches into other people’s mailboxes and deletes what you sent, also.

I’ve heard of the usual scummy stuff with dead profiles from them but in this particular instance I think they aren’t guilty.


#13

I believe the fight is for honesty. As in, the site takes money to delete the info - and then does not delete the info.


#14

They had best get some articles on the site.


#15

[quote=“LorenPechtel, post:12, topic:62070”]
Full delete reaches into other people’s mailboxes and deletes what you sent, also.[/quote]
But apparently they weren’t doing that, even though they were apparently selling that service. They’re going to get their asses sued off. Time for some popcorn, this is going to get good.


#16

Yeah, definitely hard to feel sorry for those being exposed–not because of the implied infidelity (what most people do in their personal lives is none of our business, the exception being hypocritical politicians and the like) but because they were so awe-inspiringly stupid to put their trust in such a site in the first place. This has a real Darwin-awards vibe to it.


#17

Somehow I don’t exactly find myself surprised. For-pay dating sites tend to be pretty scummy, if they were selling a service they weren’t providing that sounds like class action time. (Although I wouldn’t be surprised if there’s a binding-arbitration/no-class-action clause in their TOS.)


#18

Main lesson- never use the Internet for anything ever.


#19

It’s pretty scummy if they only claim to delete the data but keep it anyway.


#20

It sounds like the thing they’re keeping is records from credit card payments made to the site - I suspect that’s something they’re not allowed to delete for some number of years, lest they be unable to respond to an IRS audit.

So, they’ve deleted all traces of your profile in the application itself, great - but since they don’t have any non-adultery-related properties for which they might have been taking payment, there’s no useful plausible deniability about how your credit card data got in their financial records,

(EDIT - right, it’s an Internal Revenue Service, not an Agency…)