Contributed by: ElyseRomano Friday, February 28 2020 @ 09:02 am
It’s been almost half a decade since news of Ashley Madison’s hacking scandal was heard ‘round the world. Now, just as memories of the hack had started to fade, data from the breach is at the center of a new cyber extortion scam.
In summer 2015, all the dating industry could talk about was The Impact Team — the group of hackers that gained access to Ashley Madison’s database of more than 37 million members and threatened to release customer records unless the dating site for adulterers shut down. The hackers made good on their threat and Ashley Madison found itself facing a $760 million class action lawsuit. Though some predicted that it could be the end of the dating site, Ashley Madison held strong and celebrated reaching 60 million members last year.
But the celebration may have come too soon. According to the email security experts at Vade Secure[*1], a highly personalized extortion scam is making use of the user account info stolen in the 2015 data breach. The target receives an email threatening to expose their Ashley Madison account — along with other embarrassing personal information — on social media and via email. Each email is carefully tailored to the recipient with details gathered from the hack, including the user’s bank account number, birthday, telephone number and address. One example shared by Vade Secure even refers to a user’s purchases of “male assistance products.”
The financial demand is made in a password-protected PDF attached to the email. Victims are given a limited amount of time to pay a Bitcoin ransom worth approximately $1000 to a provided wallet address. The PDF also contains a QR code that can be used to make the payment and additional details from the Ashley Madison hack, including the user’s signup date, answers to security questions and interests they selected on the site when seeking an affair.
The hyper-targeted nature of these emails is new and could be an unsettling indication of what the future holds for online scammers. In its report, Vade Secure says that it detected “several hundred examples of this extortion scam, primarily targeting users in the United States, Australia, and India” in one week alone. The company predicts that, given that more than 32 million Ashley Madison accounts were compromised in the hack, many more of these emails will be sent in the coming weeks.
"We're likely looking at something new. When scams can be this specific it puts a real fear into people," said Adrien Gendre, Vade Secure's chief product officer, to TechRepublic[*2]. "If they know that much about you, they have to be dangerous, right?"
If you're targeted by this type of email, report it to the website, contact the authorities and do not make any form of payment. Be sure to change your passwords to protect your accounts against potential hijacking.