Ashley Madison, the website that connects people looking to have affairs, has offered all its customers the option to delete all their data for free in the wake of a massive security breach that compromised hugely sensitive personal data.
Avid Life Media, the company which owns Ashley Madison along with similar sites Cougar Life and Established Men, is still reeling from the huge security breach which saw a hacker or hackers using the moniker The Impact Team steal a trove of personal information about the 37 million customers around the world who use the website to have affairs.
The hacker has promised to publish more customer data if the website is not shut down immediately. ALM said that it had used the Digital Millennium Copyright Act (DCMA) to remove the content published to date.
The company's CEO has said he is confident he knows who carried out the attack and is working with law enforcement agencies who are "investigating this criminal act". The company has said it has secured its websites and "closed the unauthorised access points".
In the wake of the negative publicity around the attack, which ALM is calling "an act of cyber-terrorism", it has decided to offer its full delete service - which typically costs $19 (£12) to all customers for free.
Many of course will claim that deleting your details after they have already been stolen by a hacker is pointless and a case of closing the barn door after the horse has bolted.
The full delete service was central to the attack according to the manifesto published online by the hackers alongside a snippet of the stolen data. The hacker(s) claim the full delete service doesn't do what the company says, because "users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed."
However ALM has strongly denied this accusation:
Contrary to current media reports, and based on accusations posted online by a cyber criminal, the "paid-delete" option offered by AshleyMadison.com does in fact remove all information related to a member's profile and communications activity. The process involves a hard-delete of a requesting user's profile, including the removal of posted pictures and all messages sent to other system users' email boxes. This option was developed due to specific member requests for just such a service, and designed based on their feedback.
Ashley Madison announced in April that it was planning a $200m IPO in London later this year, but one expert believes that this security breach could put an end to those plans:
"This hack may just kill Ashley Madison. The hackers are demanding the company to shut down or face public release of the very personal details of all of its 37 million customers. This puts AM between a rock and a hard place if it continues to operate. It's unthinkable for any business, especially one that runs on discretion and trust, to betray its customers' confidentiality.
"Trust is essential for e-commerce to work. But already, we're seeing multiple areas where the company's credibility for trust has been broken. It claims to "invest in the latest privacy and security technologies" yet the breach uncovered extensive information – names, credit card numbers, nude photos, etc.
"The deeply personal nature of this hack hits home. As extramarital affairs come to light, the number of victims will multiply to include affected families. The longer the company continues to operate, the more the damage done," said Dr. Chenxi Wang from CipherCloud.