NEW YORK • Hackers threatened to leak details including the credit card information, nude photos and sexual fantasies of as many as 37 million customers of a worldwide dating website that caters to cheating spouses.
However, website AshleyMadison.com said it is heartened by some initial public response that sees the site as a victim.
The website's Canadian parent company, Avid Life Media, confirmed a breach of its systems that has put the real names, credit card information and other details of as many as 37 million customers at risk. Avid Life said it has since secured the sites and closed unauthorised access points.
The dating website company has hired a British cybersecurity firm to investigate and is working with police to trace those behind the attack, said spokesman Paul Keable.
AshleyMadison.com, which uses the slogan "Life is short. Have an affair", has been planning to raise up to US$200 million (S$273.5 million) through an initial public offering on the London Stock Exchange.
It was definitely a person here that was not an employee but certainly had touched our technical services.
AVID LIFE CHIEF EXECUTIVE NOEL BIDERMAN, on how the company suspected someone who had access to internal networks as being behind the breach.
Avid Life disputed a claim made by the hackers, who call themselves The Impact Team, that a "paid delete" function will not remove all information about a member's profile and communications. Following the breach, Avid Life said it would offer the function free of charge.
In an interview with the blog KrebsOnSecurity on Sunday, Avid Life chief executive Noel Biderman said the company suspected someone with access to internal networks as being behind the breach. "It was definitely a person here that was not an employee, but certainly had touched our technical services," he said.
The dating website owner has about 160 employees, mostly in Toronto, but also in Cyprus, Brazil, Japan and elsewhere.
Mr Keable said it was too early to estimate the damage to the company's business model or IPO plans from the breach.
The Impact Team, in a screen grab shown on the KrebsOnSecurity blog, said it had taken over Avid Life Media systems, including customer databases, source code, financial records and e-mails.
The hackers leaked snippets of the compromised data online and also threatened to release the customers' real names, profiles, nude photos, credit card details and "secret sexual fantasies".
While the company says it has closed the security holes and erased the hackers' message and any personal information about users, it will do little good if the hackers have transferred the data elsewhere, said Mr Rik Turner, an analyst at technology researcher Ovum in London.
The breach comes about two months after dating site Adult FriendFinder was compromised. That site has an estimated 64 million members.