The blackmail of Ashley Madison users has already begun.
On Tuesday, a huge trove of data stolen from the extra-marital affairs website’s servers was leaked online. As well as confidential internal documents, this included user data on the site’s 32 million users. The info ranges from email addresses and financial details to physical descriptions and detailed sexual preferences.
According to multiple media reports on Friday, blackmailers have started trawling the database, widely available online, in an attempt to extort the users on it.
Bitcoin news outlet CoinDesk was sent an email from a reader who apparently had an account on Ashley Madison. The reader had received an email from a would-be blackmailer called “Team GrayFlay” threatening to expose them unless they sent the extorter some bitcoins.
Here’s the part of the message they received:
Unfortunately your data was leaked in the recent hacking of Ashley Madison and I now have your information. If you would like to prevent me from finding and sharing this information with your significant other send exactly 2.00000054 bitcoins (approx. value $US450 USD) to the following address…
Meanwhile, New Zealand publication Stuff.co.nz is reporting that an Auckland man has also received a blackmail demand from Team GrayFlay. “Consider how expensive a divorce lawyer is,” the blackmailer wrote. “If you are no longer in a committed relationship then think about how this will affect your social standing amongst family and friends.”
These may be the first blackmail attempts, but they are highly unlikely to be the only ones. The user info dump is fairly easy to find online, meaning that countless amoral opportunists are bound to try and take advantage of it in the weeks and months ahead.
After all: If Team GrayFlay (or any other blackmailer, for that matter) emailed all 32 million account holders, and just 0.01% of them agreed to pay up the $US450 (£288) ransom, it would still earn them $US1.4 million dollars (£0.9 million).
As unpleasant as this financial blackmail may be, it’s not the worst aspect of the hack. The dump also contains around 15,000 US military and governmental email addresses. Many are definitely fake (users are not required to verify their email address upon signing up), but it’s clear there are thousands of users with sensitive jobs that have been compromised by the leak.
Intelligence agencies are probably already “digging” through the data and considering how it can be used to leverage the individuals named within it, one cybersecurity executive told The Hill.