It was clear after Ashley Madison was hacked, the effects would still be felt for months and years to come.
Sure enough, five months after the breach, there are still new reports of blackmail coming in — this time, via physical letters.
In July 2015, the extra-marital affairs dating website was targeted by unknown hackers, and highly compromising data about its more than 30 million users was subsequently leaked — everything from names to addresses and detailed sexual preferences.
It’s a treasure trove for would-be blackmailers, and multiple customers reported receiving extortion demands sent to email addresses associated with their accounts — threatening to “out” the victims as Ashley Madison users unless they paid a bitcoin ransom.
To be publicly named as a user of Ashley Madison — a site designed to facilitate infidelity — is almost always going to be publicly damaging. But because the dump of Ashley Madison user data is public, there is no guarantee that even if a victim pays up, they won’t be targeted again by someone else.
Such attempts are still ongoing, and with a new twist. Graham Cluey, a security researcher who reported on the hack, wrote on his blog on Monday that he has received an email from a worried reader.
This reader says they were a user of Ashley Madison, and now have received a letter trying to blackmail them for more than $4,000 in the mail. Here’s their message:
I just received a physical postal letter to my house asking for $4167 USD or exposed my AM account to people close to me. is your advice the same as in your vid about email blackmail? Thank you
(Cluey previously offered advice on what to do if blackmailed by email in a YouTube video — don’t pay it.)
The researcher advises the readers not to pay the ransom: “I understand that it must be very unsettling and worrying, but paying the blackmailers any money is only likely to make them focus on you more.” In fact, the letter could help the police track down the blackmailer. “Of course, as the blackmailers have physically sent you something – as opposed to email – that does mean you may have in your hands some useful physical evidence for the police to investigate the perpetrators.”
It’s just one small example of the ongoing human fallout of the hack. Last week, Fusion ran a piece on its after-devastating effects. Kristen Brown wrote that in the four months since customers’ details were released, she has “counted at least three suicides, two toppled family values evangelists, one ousted small-town mayor, a disgraced state prosecutor and countless stories of extortion and divorce. The blast radius of a database dump, it seems, is very large indeed.”