Ashley Madison


'I now have a direct line to message all your friends and family': Blackmailers extort bitcoin from scared Ashley Madison users after hack

PUBLISHED : Thursday, 10 September, 2015, 8:00am
UPDATED : Thursday, 10 September, 2015, 8:00am

News of the Ashley Madison hack may be off the front pages, but enterprising criminals have not forgotten, with cybersecurity researchers saying users of the cheating site are being targeted for blackmail. 

The personal information, emails and sexual preferences of more than 37 million Ashley Madison users was exposed last month, when hackers who had broken into the sites servers dumped databases and internal communications online. 

According to Toshiro Nishimura of Cloudmark, users whose emails were exposed by the leak are now being contacted with demands for payment in the digital cryptocurrency bitcoin if they don't want information of their Ashley Madison membership sent to their family and friends. 

"Unfortunately your data was leaked in the recent hacking of Ashley Madison and I now have your information," wrote one blackmailer, calling himself Barton.

"I have also used your user profile to find your Facebook page, using this I now have a direct line to message all your friends and family." 

Barton demanded to be sent 1.05 bitcoins (around US$250 as of September 10) or he would "out" the user. 

From an investigation of the bitcoin blockchain, a public record of all transactions in the currency, Nishimura estimated that around US$15,000 had been paid to blackmailers targeting Ashley Madison users. 

"For a spammer with pre-existing infrastructure and tools, this extortion campaign could have yielded a worthwhile sum for very little effort," Nishimura said. 

"All the blackmailer had to do was download the Ashley Madison data, extract the email addresses, generate a Bitcoin address for each victim and send out the emails."

READ MORE: Flirting with the truth - Just 2,600 Hong Kong men paid to join Ashley Madison as hack reveals cheating site exaggerated numbers

Numerous experts had expressed concern over the Ashley Madison data being used for blackmail purposes, as has the US military. An estimated 15,000 US government and military emails were found in the company's email database. 

Digital blackmail can be a lucrative business, from "ransomware" hacks which disable computer systems until the owners pay up, to a new Android app recently discovered by security firm Zscaler which took photos of users when they watched porn.

Zscaler said the app, Adult Player, lured users in with promises of free pornography, took photos of them using front-facing cameras on smarpthones, and then displayed a message demanding US$500.