Sorry, Ashley Madison customers: For a little while at least, the Internet knew you were a dog.
The dating site, which is designed for those who want a little extramarital action, was hacked over the weekend. Hackers claim to have data on all of the site's estimated 37 million users and have threatened to release that information, including users' "secret sexual fantasies," unless the site was taken offline, according to Brian Krebs at KrebsOnSecurity.
The hackers posted some user account and Ashley Madison business information online, Krebs reported.
In a news release Monday morning, Avid Life Media — Ashley Madison's parent company — acknowledged that the site had been hacked, but said it had successfully removed all the stolen information by using the Digital Millennium Copyright Act.
Ashley Madison has "been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies which are investigating this criminal act," the company said in a statement. "Any and all parties responsible for this act of cyber–terrorism will be held responsible."
Avid Life Media, according to Krebs, believes that the attack was carried out by someone who had worked with its technical systems but was not an employee.
These types of hack can be particularly embarrassing to people who probably don't want it advertised that they're looking for love of this nature online. As with the high-profile hack of the dating site AdultFriendFinder in May, simply having your name associated with a site such as Ashley Madison could be damaging — even if none of the actual content of what took place is released.
Hackers also claimed, according to Krebs, that even if customers went the extra mile of paying $20 Ashley Madison to delete their information through a feature called "Full Delete," there were still ways to connect them to the site, allegedly because Ashley Madison retained the name and address tied to a user's credit card.
After initially declining to comment on that accusation, Avid Life Media said in a statement that those claims are false.
The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes. This option was developed due to specific member requests for just such a service, and designed based on their feedback.
Additionally, the company said "in light of today's news," it will offer the "Full Delete" service to all of its customers for free.
Ashley Madison took some heavy flak when the paid delete feature was first discovered last year. Many users thought it was the only way to close your account. As Ars Technica reported, however, there are free options to suspend and delist your account. The "Full Delete" service came with a cost because it also removes traces of photos and conversations you've had with others, which the site told Ars Technica is a costly administrative process.
If the hackers' claims proved to be true and Ashley Madison was keeping customers' billing information, it could draw complaints from consumers and, perhaps, regulators. The government has gone after technology companies before for claiming to delete user information without being able to guarantee it.
The Federal Trade Commission notably reached a settlement with Snapchat last year over charges that the service's "disappearing" messages weren't quite as ephemeral as advertised due to third-party apps that could keep those messages indefinitely. The agency has also gone after dating sites before. The FTC in 2014 settled with JDI Dating Ltd., for apparently creating fake profiles; it also settled a 2007 case in AdultFriendFinder's 2007 case — placing sexually graphic pop-up ads on unrelated queries.
Updated: This story has been updated with an additional statement from Ashley Madison.