Hackers have stolen and leaked the personal details of users of Ashley Madison—a site that hooks up people who want to have affairs.
A group or individual known as The Impact Team claimed to be behind the attack and that it had data on all of Ashley Madison's 37 million users and its partner sites, Cougar Life and Established Men, all owned by Canada's Avid Life Media (ALM).
The Impact Team claims to have access to the company's user database and is threatening to release all of the information unless the site is taken down. So far the group has released 40MB of data, including credit card details as well as internal ALM files and documents.
ALM confirmed that the hack took place and told CNBC it has managed to take down all the personal information that hackers posted online.
"Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the...posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online," ALM said in an emailed statement.
"Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident and we will continue to provide updates as they become available."
It is unknown how many people managed to see the leaked adultery site's personal details. Ashley Madison has always been a controversial site. Earlier this year, in an op-ed for CNBC, the service's CEO Noel Biderman explained why people cheat.
"Cheating is like the secret glue that keeps millions of marriages together. I would cheat before I would leave," he said.
The Impact Team stated its reason for the hack, which seemed to relate to a data retention practice. The hackers said ALM had lied to users when it said it would remove personal details from its sites for a $19 fee.
The hackers claimed that Ashley Madison's full "paid-delete" feature promises "removal of site usage history and personally identifiable information from the site," but users' purchase details—including real name and address—aren't erased.
"Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie," the hacking group claimed in a manifesto, according to Krebs on Security, the site that broke the story.
"Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed."
In a Monday statement, ALM denied these allegations. "Contrary to current media reports, and based on accusations posted online by a cyber criminal, the 'paid-delete' option offered by AshleyMadison.com does in fact remove all information related to a member's profile and communications activity," the statement said.
The company added that, in light of the hacking, it would now offer its full-delete option for free.
Speaking to specialist security blog "Krebs on Security", Biderman said the work may have been done by a former employee or contractor.
"We're on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication," Biderman said.
"I've got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services."
The Ashley Madison hack follows a similar attack on another dating website called Adult FriendFinder earlier this year.