Hacked Ashley Madison website claims 143K members in Western Pa.

As many as 600,000 Pennsylvanians who used or flirted with using a dating website for extramarital affairs may be at risk of their presumably private pursuits going public.

The parent company of Ashley Madison, a matchmaking website for cheating spouses that purports to have 37 million users worldwide, says that it was hacked and that personal information of some users was posted online.

In addition, the person or people behind the attack are threatening to release all of the site's personal information — including its members' sexual fantasies, nude photos and financial information — if the company doesn't take Ashley Madison and an affiliate site offline, according to a prominent security blog KrebsonSecurity.

“Basically, the hackers are acting like terrorists by holding the organization for ransom,” said Albert Whale, president and chief security officer of Pittsburgh-based IT Security Inc. “They're trying to become a ‘vigilante for morality,' and I don't buy it.”

Ashley Madison, whose slogan is, “Life is short. Have an affair,” boasted 143,126 members in the 2.4 million-strong Pittsburgh metro area as of mid-January, an 8.4 percent increase in membership from 2014, said Toronto-based Avid Life Media Inc., the site's parent company.

The figures suggested as much as 5.9 percent of the metro area's residents and 4.6 percent of the statewide population had an account — presuming the company-supplied data represented unique and active accounts.

“From the moment you sign up, your photos are put under lock and key,” Noel Biderman, founder and CEO of Ashley Madison, told the Tribune-Review in January.

Biderman, who could not be reached Monday, had said he started the site in 2002 because “there were so many people on singles dating sites that weren't really single.”

“We decided to build a community where everybody knew what they were getting into, and then build the technology that kind of meshed with the discretionary functionality,” Biderman said. “I think it's a very naive notion that you can stop (affairs) in society.”

Avid Life Media released a statement Monday morning saying it secured its sites and closed the back doors into its systems.

“We are working with law enforcement agencies, which are investigating this criminal act,” the company's statement reads. “Any and all parties responsible for this act of cyberterrorism will be held responsible.”

According to Krebs, the hacker or hackers in the Ashley Madison breach, self-named “The Impact Team,” posted large caches of data from the Ashley Madison site.

Besides random personal data from members, the hackers posted maps of the company's internal servers, employee network account information, company bank account data and salary information, Krebs says.

Avid Life says it had the hackers' posts taken down and hired a technology security firm.

“As with all breaches of this nature — but particularly with this one since they're claiming a non-monetary agenda — it's early, and investigation takes time,” said David Thaw, a cybersecurity expert and assistant professor of law and information sciences at University of Pittsburgh.

The Ashley Madison hacking follows the May breach of the dating website Adult Friend Finder, which involved the theft of names, email addresses and information about the sexual orientation or habits of as many as 4 million of that site's members.

The Associated Press contributed to this report. Natasha Lindstrom is a staff writer for Trib Total Media. She can be reached at 412-380-8514 or nlindstrom@tribweb.com.