The fallout from the Ashley Madison data breach shows no signs of letting up, as in addition to having their personal information dumped onto the web, people are now reporting email extortion threats.
The despair triggered by the hack has been so great that an employee of San Antonio city, who appeared in the Ashley Madison records dump, even committed suicide.
According to both a tweet from 0x1C and a post on Reddit, one of the companies that made the Ashley Madison information searchable last week, Trustify, is now distributing “you were in the database” emails.
The email exposes that Trustify is retaining searches made against its statistics and is now sending out mails reading:
“You or someone you know recently used our search tool to see if your email address was compromised in the Ashley Madison leak, and we confirmed that your details were exposed.”
The email then continues an offer to “hide the exposed details” – but only if the addressee of the message contacts Trustify.
Argument about the “offer” immediately started on Reddit, with a number of comments questioning anyone’s capacity to hide revealed information. One comment, claiming to be coming from Trustify, stated that the organization isn’t doxxing anybody, and carefully added “I’m going to work with the team on expanding on the messaging.”
Noted privacy advocacy group Electronic Frontiers Australia (EFA) gave their view on the matter, with CEO Jon Lawrence saying the organization was critical both of websites collecting search statistics and of news channels supporting search websites.
Lawrence wrote, “Whatever the moral issues associated with using the Ashley Madison service, and with their particular business model, the release of this data is clearly a massive invasion of privacy.”
At the thought that it was users who got themselves into trouble by using the questionable dating service, Lawrence called that position “a rather callous and simplistic view that imposes an unwarranted moral element to the right to privacy that we reject.”
Lawrence further explained that the EFA is afraid other abuses of the information will come out.
For instance, he said, “we are also alarmed by reports that a real estate data provider is planning to include geographic data sourced from this privacy breach in their search results to provide some form of ‘marital happiness rating’.”
While the solicitations by Trustify come from a legitimate, if questionably ethical, company illegal spammers wasted little time in extorting users.
Extortion letters were observed that demanded 1.0001 Bitcoin to suppress the victim’s information, despite the fact the spammer could do no such thing.
The files now exist on Bittorrent and many other publicly available website and users’ email addresses and information are now indisputably part of the public record.