KrebsonSecurity is reporting that the online "cheating" site AshleyMadison.com (and other sites run by the Avid Life Media group) has been hacked with user information compromised by a group called the Impact Team.
The group is threatening to release all data online as a result of alleged lies the ALM group told members unless the sites are entirely shut down.
"Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie," the hacking group wrote. "Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed."
AshleyMadison.com does offer a $20 "Full Delete" option for a users profile, as detailed in this ArsTechnica article from 2014. Obviously, this "Full Delete" is now useless, as the information is already (allegedly) in the hands of the hackers.
Is this a case of altruistic hacking or a possible case of revenge?
(Score: 2, Interesting) by Anonymous Coward on Monday July 20 2015, @08:52PM
Easy per-user encrypted keys stored in a database with a sign in unlocking said key. They can back up all they want, but they are only getting the encrypted data. Secure delete on their end equals DELETE FROM userkeys WHERE username=$deleted_user;
(Score: 1) by tftp on Monday July 20 2015, @11:15PM
Zero-knowledge setups definitely exist; however their weakness is in fact that only the customer has the key, and only the customer can understand the data. This makes it usable only in narrowly defined cases. There are some new patents that describe how to do some limited processing on partially understood data, but it's not interesting to those Web sites. A company that stores c/c numbers when it is not permitted to do so will not be spending even a dime on safeguarding someone else's data. Plenty of those services are focused on fleecing the sheep.