Data breaches are just one step in a multi-pronged attack on your digital life. When your personal information gets stolen, that’s usually only the opening salvo. What follows after can be anything from targeted harassment and spam to full-blown ransom emails.
But why is this? Why does a single instance of stolen data lead to such drastic consequences? Well, believe it or not, data theft isn’t usually the end of the story. You can thank Dark Web marketplaces for that. Tap or click here to see how stolen data can come back to haunt you, even months after a breach.
Once a cybercriminal purchases stolen data, it’s easy to start harassing victims for cash and favors. And that’s exactly what’s happening to victims of the now 5-year-old Ashley Madison breach. People are receiving ransom messages with incriminating information at stake, but are these threats even real?
Ashley Madison: A messy affair
Five years ago, adult dating platform Ashley Madison was hit by a massive data breach that compromised thousands of user accounts. To make matter worse, Ashley Madison isn’t just any old dating platform — it was designed specifically for affairs and cheaters.
Because of the clandestine nature of the platform, it was an especially juicy target for cybercriminals. And sure enough, once the breach occurred, the hackers had access to accounts, emails and plenty of dirty laundry to blackmail victims with. Tap or click to see why the hack was so easy to pull off.
For months after the initial breach, many of the affected victims saw an uptick in threatening emails targeting their inboxes. Messages would include threats to publish evidence of affairs or worse unless bitcoin was paid, and several victims chose to pay up.
The blackmail aspect of the breach was one of the biggest points of success for the hackers and scammers behind the ordeal. But now, even five years later, the ransom emails continue to harass victims.
Once a cheater, always a cheater. Once a scammer, always a scammer.
According to a new report from CNBC, victims of the Ashley Madison scam are seeing an uptick in ransom emails that contain detailed information about their former profiles. These emails also come with fresh threats to publish the incriminating information unless payment demands are met.
The emails appear to be well researched, with snippets of information gleaned from the account owner’s former activity. This was likely obtained via the trove of stolen Ashley Madison data, which would explain how the scammers have the users’ email in the first place.
The demands are typically around $1,000. Because many of the victims happen to have government or corporate email addresses (not surprising in the least), security analysts are more concerned that this class of target will be more likely to pay the bribe.
This is especially sad when you consider the truth behind this new wave of scams: Most of the threats are totally hollow.
According to researchers from Vade Secure, many of the ransom emails are nothing more than empty threats. Regardless of whether the sender claims to have “hacked your camera and recorded you” or “found evidence of you cheating,” you can write off many of these statements as nonsense.
Most of the time, the scammers behind these messages find an email in the stolen data, match it up with a quick search of related content then use that as “evidence” and claim they’ve got your number. Your fear and doubt are what make the whole operation work.
This goes double considering most Ashley Madison users never met up with the object of their affairs in person. In truth, the majority of female users on the platform are chat bots. Many of the men “having affairs,” whether they knew it or not, were engaging in nothing more than kinky roleplaying.
In fact, the lack of real women to talk to is cited as one of the motivating factors behind the data breach in the first place. The hackers were annoyed at how fake Ashley Madison was. Does this mean some of them were members? The world may never know.
But what we do know is that getting one of these ransom emails isn’t the end of the world. Even if it contains personal information, ignore it and throw it in the trash. Don’t download any attachments or contact anyone you aren’t 100% familiar with via email.
You also might want to consider removing personal data from social media in general. Tap or click to see how to delete yourself from the web.
After all, you’re more likely to get hurt by information floating around on Facebook than a dating site. That stuff is public.