Hackers claim to have personal details of more than 37 million cheating spouses on dating website Ashley Madison and have threatened to release nude photos and sexual fantasies of the site's clients unless it is shut down, blog KrebsOnSecurity reported.
Ashley Madison's Canadian parent, Avid Life Media, confirmed the breach on its systems and said it had since secured its site and was working with law enforcement agencies to try to trace those behind the attack.
Ashley Madison is an online dating service and social networking service marketed to people who are already in a relationship, whose slogan is "Life is short. Have an affair." The website was launched in 2001. The name of the site was created from two popular female names, "Ashley" and "Madison".
According to third-party web analytics provider SimilarWeb, the site has over 124 million visits per month, as of 2015, and is ranked #18 among Adult sites.
The hackers, who call themselves The Impact Team, leaked snippets of the compromised data online and warned they would release customers' real names, profiles, nude photos, credit card details and "secret sexual fantasies" unless their demands were met, Krebs said.
The hackers also demanded the closure of another of Avid Life Media's sites, sugar-daddy site "Established Men", but did not target the company's "CougarLife" site, which caters for women members looking for "a young stud".
Ashley Madison has been planning to raise up to $200 million through an initial public offering on the London Stock Exchange.
The breach comes about two months after dating site Adult FriendFinder was compromised. That site has an estimated 64 million members.
The Impact Team, in a screengrab showing on the Krebs blog, say it had taken over Avid Media systems including customer databases, source code, financial records and emails.
"Shutting down AM (Ashley Madison) and EM (Established Men) will cost you, but non-compliance will cost you more," the hackers said.
They said users who had paid a fee to Avid Life to have their personal data permanently deleted had been lied to and the company had retained records, including credit card information.