Ashley Madison users have more to fear than just the release of their financial records and account info in the wake of a massive security breach: authorities say scammers are targeting people whose details appeared online.
Investigators are still trying to identify those responsible for the breach of the adult dating website’s Toronto-based parent company, Avid Life Media, which has resulted in records pertaining to more than 30 million users to circulate on the Internet.
“There are confirmed cases of criminals attempting to extort Ashley Madison’s clients by threatening to expose that they’re on a list unless payment is received,” said Bryce Evans, the acting staff superintendent for Toronto Police.
In one example cited by Mr. Evans, an extortionist instructed an Ashley Madison user to send nearly $300 worth of bitcoin, the decentralized anonymous cryptocurrency, “if you would like to prevent me from sharing this dirt with all of your known friends and family.”
“Consider how expensive a divorce lawyer is,” the blackmailer wrote. “If you are no longer in a committed relationship then think about how this will affect your social standing amongst family and friends.”
Authorities have seen a variety of messages sent from would-be extortionists, Mr. Evans said, warning anyone who receives a similar email not to send payment and to instead alert the police.
Mr. Evans warned Ashley Madison account holders to avoid visiting websites that claim to let users search the leaked database to see if their information is included in the trove of dumped records.
“The public needs to be aware that by clicking on these links you are exposing your computers to malware, spyware, adware and viruses,” he said, adding that similar sites that offer to erase customer records from the leaked databases in exchange for a fee were scams as well.
“Nobody is going to be able to erase that information,” admitted Mr. Evans, who called the hack “one of the largest data breaches in the world.”
Hackers calling themselves The Impact Team said in mid-July that they had compromised Avid Life Media and would post user details unless the company took Ashley Madison and a similar adult dating website off the Web. When Avid didn’t act, the group began posting gigabytes of stolen data last week, including user data and internal records.
“There is going to be a dramatic crime wave of these types of virtual shakedowns, and they’ll evolve into spear-phishing campaigns that leverage crypto malware,” Tom Kellerman, the chief cybersecurity officer at Trend Micro, told reporter Brian Krebs last week. “The same criminals who enjoy deploying ransomware would love to use this data.”