An Ashley Madison user received a terrifying blackmail letter
We've just had the latest glimpse of this via a terrifying ransom demand shared with Graham Cluey, a security researcher who has been reporting on the breach.
(Scroll down for the original letter.)
In July 2015, the extra-marital affairs dating website was targeted by unknown hackers, and highly compromising data about its more than 30 million users was subsequently leaked - everything from names to addresses and detailed sexual preferences.
It's a treasure trove for would-be blackmailers, and multiple customers reported receiving extortion demands sent to email addresses associated with their accounts - threatening to "out" the victims as Ashley Madison users unless they paid a bitcoin ransom.
To be publicly named as a user of Ashley Madison - a site designed to facilitate infidelity - is almost always going to be publicly damaging. But because the dump of Ashley Madison user data is public, there is no guarantee that even if a victim pays up, they won't be targeted again by someone else.
Graham Cluey has posted on his blog a letter forwarded to him by a reader who was apparently an Ashley Madison member. The reader was sent a letter in the mail by an unknown blackmailer, and demands $2,000 (£1,396), paid in bitcoin. It warns: "If you don't comply with my demand I am not just going to humiliate you, I am going to humiliate those close to you as well."
It includes a kind of cautionary tale about another Ashley Madison user who was targeted by the blackmailer but refused to pay up. The blackmailer says they "anonymously contacted his wife, [REDACTED], and told her about [REDACTED]'s membership on Ashley Madison and told her how to confirm it for herself. But I didn't stop there. l also contacted [REDACTED]'s work colleagues. I also contacted his daughter. And his daughters boyfriend. And I contacted several of his superiors, peers, and subordinates at [REDACTED]."
The letter includes the contact details of this alleged previous victim, but there's no indication as to whether the story is true or not. Cluey says that when he checked, the bitcoin wallet the letter references had not received any funds.
Here's the letter:
If you can't make that out, here's the full text:
Hello, [redacted], you don't know me ut I know you very well. As you likely know, the Ashley Madison website was hacked a little while back and in the process some personal information from tens of millions of their clients was compromised. As scary as that sounds, most of their families will never find out. First, they would have to actively seek out the information. Second, the files containing the information are multiple gigabtytes in size and are not all that convenient to access if you don't know how. There will be some spammers who shoot our mass threatening emails to those on the lists but they can safely be ignored. Only the unlucky few will draw the attention of a true blackmailer willing to actually research a target's family and acquaintances. Unfortunately, [REDACTED], you are one of the unlucky ones.
It's just one small example of the ongoing fallout from the hack. In December 2015, Fusion ran a piece on its after-devastating effects. Kristen Brown wrote that in the four months since customers' details were released, she has "counted at least three suicides, two toppled family values evangelists, one ousted small-town mayor, a disgraced state prosecutor and countless stories of extortion and divorce. The blast radius of a database dump, it seems, is very large indeed."