The hack of adultery website Ashley Madison highlights yet another data breach risk: Blackmail.
A hacker or hackers known as The Impact Team claimed to be behind the attack on Ashley Madison—whose tagline is "Life is short. Have an affair,"—and partner sites Cougar Life and Established Men. According to Krebs on Security, which first reported the breach Sunday, hackers have already published bits of the stolen data, including information on the site's more than 37 million users.
Early Monday, Avid Life Media, the Toronto-based parent company of Ashley Madison, told CNBC it has taken down all the personal information hackers posted online. "Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident and we will continue to provide updates as they become available," Avid Life Media said in an emailed statement.
But in a manifesto excerpted on Krebs on Security, the hackers threatened to release more—including users' sexual fantasies, nude pictures, site conversations and real names and addresses—if Avid Life Media does not shut down Ashley Madison and Established Men. "A significant percentage of the population is about to have a very bad day, including many rich and powerful people," the hackers wrote.
A bad day may be underestimating the potential impact. "You could really ruin someone's life," said Chase Cunningham, threat intelligence chief at cloud-computing company FireHost.
"Without question, this is incredibly valuable information," said J.J. Thompson, founder and chief executive of Rook Security, an IT security firm. "[Site users] are now vulnerable to a significant secret." Even if the information is taken down quickly, it could easily be used as leverage not just for financial gain, but to influence decisions by any of those victims in positions of power, he said.