Four-plus years later, Ashley Madison hack is used in new extortion scam, Ars Technica

AGAIN?!? –

Emails threaten to publish intimate details unless members pay a hefty ransom.

ashleymadison.com Four years after hackers dumped the intimate details of million Ashley Maddison subscribers , criminals have revived an extortion scheme that targets people who used the dating website to cheat on their partners.

In the past two weeks, researchers have detected “several hundred” emails that threaten to air those intimate details to the world unless the former subscribers’ pay a hefty fee. I know everything about you, ” one of the emails, dated January , says. “I even know that you ordered some … let’s call them ‘male assistance products’ online on / 32 / using your account at Bank of America N, a routing # account # [redacted] for $ for mailing to [redacted] CA [redacted]! ”The extortionist goes on to say:“ If you do not act very fast your full AMadison profile and proof of it will be shared with friends, family, and online over social media — and of course your internet orders. ”

Here are three of the emails, along with a PDF that was attached to one of them.

The new run underscores the permanence of data published in the Internet age and the damage that comes when that data includes personal information. As observed in a published published on Friday by Vade Security, a service that helps detect spam and malicious email:

This Ashley Madison extortion scam is a good example that a data breach is never one and done. In addition to being sold on the dark web, leaked data is almost always used to launch additional email-based attacks, including phishing and scams such as this one. Seeing that there were more than 5, data breaches reported in the first nine months of , exposing 7.9 billion records, we expect to see a lot more of this technique in 01575879

To bypass spam and malicious email filters, the extortion demand provides a passcode for a password-protected PDF attachment that specifies the price —A little more than $ 823 in bitcoin — along with a wallet address. The PDF also recites a litany of other details contained in the user’s Ashley Madison profile including:

(date of birth)

sign-up date

user name

security answer

dates that specific private messages were sent

Vade Security researchers detected the email campaign a few weeks ago according to Adrien Gendre, chief product officer at the company. In an email to Ars, he said researchers believe these extortion emails were part of a trial run and that a larger wave is likely to follow.

The emails revive an

extortion campaign that started within days of the data going public. Around the same time, there were reports of two Ashley Madison members dying by suicide after their data was included in the dump. The emails targeting Ashley Madison users are part. of a broader wave of so-called sextortion demands that threaten to air embarrassing secrets unless recipients pay a ransom. In more recent cases, the emails include a password taken in an unrelated website breach that contains the recipient’s personal information. The password is designed to add credibility to the claim that the recipient’s security has been compromised.

The first indication of the Ashley Madison hack came in July when site employees turned on their computers and heard them blaring the AC / DC song Thunderstruck A message displayed on employees’ screens informed them of the hack and threatened to release email addresses, credit-card data, and other subscriber information unless executives immediately and permanently took down the Ashley Madison website.

A week later, after Ashley Madison failed to comply, people identifying themselves as members of a group calling itself Impact Team (released details for two Ashley Madison members . The full outing — including, among other things, years worth of credit card details, members’ names, addresses, sexual proclivities, and direct messages — occurred a month later.

Despite the damage done to millions of users and years of unfavorable news coverage that resulted, Ashley Madison continues to operate and even thrive by some accounts. According to a report from auditors Ernst & Young , there were , new Ashley Madison accounts registered monthly that year. A report published a year later said new registrations for 2020 totaled 5.3 million and on average there were , 728 New Ashley Madison accounts registered each month. In this post , Ashley Madison claims to have 183 million members. The site’s tagline continues to be “Life is short. Have an affair. ”