In making an attempt to minimize the damages and impact of the data breach it recently suffered, online dating website Ashley Madison is currently offering its users the means to fully delete their accounts without any traces, for free, the Guardian reports.
“As our customers’ privacy is of the utmost concern to us, we are now offering our full-delete option free to any member, in light of today’s news,” the statement stated.
The move by Avid Life Media, the Canadian company which owns Ashley Madison is to appease and reassure the 37 million users registered at AshleyMadison.com, whose privacy and security along millions of records of credit card information is at stake.
Ironically, it was the “full-delete” feature that triggered the hack in the first place, according to Impact Team’s (the hacking group) demands.
“Full Delete netted ALM $1.7 mil. in revenue in 2014. It’s also a complete lie,” Impact Team said in their statement after the breach, adding: “Users almost always pay with a credit card; their purchase details are not removed as promised and include real name and address, which is, of course, the most important information the users want removed.”
Ashley Madison responds and battens down the hatches
Furthermore, in a statement that directly refers to the ‘paid-delete’ option and the claims made by the hackers, Ashley Madison refuted such claims entirely.
“Contrary to current media reports, and based on accusations posted online by a cybercriminal, the “paid-delete” option offered by AshleyMadison.com does, in fact, remove all information related to a member’s profile and communications activity,” the company stated.
“The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes. This option was developed due to specific member requests for just such a service, and designed based on their feedback,” it added.
Since the breach, ALM claims to have successfully removed the breached cache from 6 websites which contained a mere 40 MB of user data, profile and credit card information. “Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online.”
A lost cause?
A website with millions of paying, registered users was always susceptible to being hacked, according to security researchers and experts. Hacking group Impact Team are threatening to release more information in batches during the coming days if their demand to shut down AshleyMadison.com isn’t met. With the entire data cache stolen by the hacking group (according to their claims), the damage-control exercise being undertaken by ALM is likely to be a doomed effort, ultimately.
The hack has been described by Ashley Madison as an “act of cyber-terrorism.”