Customers of Ashley Madison, a “dating” website for men to arrange affairs, have fallen victim to a new “sextortion” scam some five years after a breach that exposed the names of the 37 million of the website’s users.
Email security company Vade Secure stated that some of the victims of the original 2015 hack have found themselves caught up in a new scam, one in which the fraudsters demand $1,000 from the victims in exchange for their continued silence over their usage of the website.
The 2015 Ashley Madison Breach
Ashley Madison provides people in relationships with the opportunity to have affairs. It was the target of hackers in 2015, with the hackers stealing information on users and posting it online for the world to see. Divorce lawyers called the breach “Christmas in September” after the hack led hundreds of relationships to an abrupt end. Over 37 million people had their sexual fantasies and affairs made public by the “Impact Team” of hackers.
The Ashley Madison breach was one of the largest cyber-breaches that the world had seen at the time. The hack also exposed the extramarital activities of celebrities and politicians who had used the site. The original attack on Ashley Madison has been linked to three suicides; one in the United States and two more in Canada.
Hackers alleged that they coordinated the attack in order to strike out against Avid Life Media, the owners of the website. after they used bots who would pose as real women to talk to – and seduce – men on the site. The company announced that Noel Biderman, their Chief Executive Officer, left following the attack.
The Gift That Keeps on Giving
Five years later, more scams are hitting the people who had their names leaked online. The Chief Product Officer for Vade Secure Adrien Gendre said that scammers are targeting those hit by the breach. The scammers would send emails using the stolen information to demand payment in return for silence.
CNBC reports that the scam emails are highly researched and they use real-life information about the user, including their email address, when they joined the website, their username, their security questions, and the sexual interests they entered into the website. One such scam email suggested that people are being blackmailed by individuals who say they will expose private messages to friends and family. These emails reference specific messages and include personal attacks.
“FOR ALL YOUR FAMILY AND FRIENDS?” says one message. “Of all the private messages you sent to members, the reply you sent on Sunday, July 31, 2011, was the best. Perv!”
The scammers demand up to $1,000 in bitcoin payments in return for them not posting the information. Gendre warned the victims to not give in to the demands of the fraudsters in this latest “sextortion” scam. A sextorition scam is one where scammers send out mass emails alleging to have incriminating photos and videos of people. They demand payment and threaten to expose said images and videos if they do not receive it. These images usually don’t exist, but the hackers hope that people will still fall for it and send the payment anyway.