Hackers are threatening to publish the highly personal details of up to 36 million people who use the cheating website Ashley Madison.
The hacker, who calls himself The Impact Team, breached the internal systems of Canadian company Avid Life Media (ALM), which owns Ashley Madison as well as similar sites Cougar Life and Established Men.
The breach occurred over the weekend and was first reported by security researcher Brian Krebs after the hackers posted a manifesto online alongside a random sample of the Ashley Madison database and a map of the company's internal server network.
Impact Team published some 40MB of data to prove its claim that it had breached ALM's security, including details of employee network account information, company bank account data, and salary information, alongside the details of Ashley Madison's customers.
The hacker has threatened to publish more customer information on a daily basis unless ALM takes its websites offline "in all forms". The manifesto continues:
The hacker, who is believed to have worked with ALM at some point, carried out the attack because of the company's Full Delete product, which offers customers a way to wipe away evidence of having used the company's websites for $19 (£12.20). The hacker claims the service earned ALM $1.7m in 2014 despite not doing what it promises:
"Full Delete netted ALM $1.7m in revenue in 2014. It's also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed."
ALM has confirmed the security breach, telling Krebs that it is working hard to remove the customer data from the web. Its CEO, Noel Biderman, believes the company has already identified the person behind the attack:
"We're on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication," Biderman told Krebs. "I've got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services."
The attack on Ashley Madison comes just weeks after a similarly high-profile attack on sex community website Adult FriendFinder, which saw the intimate sexual preferences of 4 million customers traded on the dark web.
Update: Ashley Madison has now published a full statement, confirming the attack and adding that it has shut off the vulnerability which allowed the hacker to gain access: