First, members of the adultery website Ashley Madison had their personal information unveiled to the world by hackers. Now, a bigger threat looms.
Scammers and extortionists have been combing for targets through the data on 30 million to 40 million Ashley Madison users, stolen by a group calling itself The Impact Team and dumped online earlier this month.
Police officials in Toronto said they had already seen several instances of such spinoff crimes, including extortion attempts.
Darius Fisher, the president of the reputation management firm Status Labs, said he had multiple clients who have received emails threatening to expose their use of the site if they do not send bitcoins to their blackmailers.
But Ashley Madison users are also being confronted with more subtle scams.
They are “vulnerable to any offer to help them handle the situation in any way really,” said Stephen Cobb, a digital security expert at the software company ESET.
Scammers could use data from the breach to trick victims into giving up more information, or even to hack into their computers to wreak further havoc. Such attacks are likely to continue for weeks and months, experts say.
“It’s important to understand that the attackers are clever,” said Itay Glick, the chief executive of the cybersecurity company Votiro. “They don’t need to use the information today; they can use it two weeks from today or one month from today.”
The path to installing malicious software onto an unsuspecting target’s computer can be simple. Using email addresses and information gleaned from the initial data dump, fraudsters can craft convincing so-called phishing emails that trick their recipients into revealing sensitive personal information.
Malware can also be delivered through websites offering to scrub Ashley Madison users’ records from the web, a promise that Mr. Cobb said was impossible to deliver on.
Once a computer is infected, criminals can gain access to bank accounts, steal passwords and “do anything you can do on the machine, basically,” said Israel Levy, the chief executive of Bufferzone, a cybersecurity company.
It is not just Ashley Madison users who are vulnerable. People interested in the identity of the website’s members are also falling prey to attacks.
Source: The New York Times | JONAH BROMWICH