Cyber Incident Victim: Avid Life Media

On July 20-21, 2015, hackers identifying as Impact Team breached systems operated by Avid Life Media, parent company of Ashley Madison and Established Men. The attackers exfiltrated a cache of data including user profiles, internal network maps, employee details with salary information, and company bank account records. Impact Team released a limited subset of this data publicly while threatening to disclose the full database of 37 million users unless both dating sites were permanently shut down. The group criticized Ashley Madison's business model—exemplified by its "Life is short. Have an affair" slogan—and specifically denounced its paid "full delete" feature, alleging the $19 fee didn't actually purge user data as advertised. Their ultimatum gave Avid Life Media no specified deadline but warned of imminent full data release if the sites remained operational. The compromised user records reportedly included secret sexual fantasies, credit card transactions, real names, and addresses.

Avid Life Media acknowledged the breach on July 21, issuing statements that characterized the incident as "unprovoked and criminal intrusion" and an "act of cyber-terrorism." The company claimed to have secured its sites, closed unauthorized access points, and used DMCA takedowns to remove leaked personally identifiable information. CEO Noel Biderman suggested to KrebsOnSecurity that the hack might be an inside job but provided no evidence or confirmation of the breach's scope. While refusing to disclose full details, the company collaborated with law enforcement to identify perpetrators. As a limited remediation measure, Avid Life Media temporarily waived the $20 fee for its "full delete" service, though this couldn't protect users whose data was already exfiltrated. Impact Team maintained possession of unreleased data throughout Avid Life Media's response period, preserving leverage to enforce their shutdown demand.