Ashley Madison Breach Extortion Scam Targets Hundreds


A new extortion attack has targeted hundreds of users affected by the Ashley Madison breach over the past week.

Nearly five years after the high-profile Ashley Madison data breach, hundreds of impacted website users have been targeted by a new extortion attack over the past week.

The 2015 data breach of the adultery website led to 32 million accounts being publicly dumped online, including victims’ names, passwords, phone numbers, credit card information and more. Up to a year after the hack, researchers with Kaspersky said that affected users were still being hit with an array of attacks, from credit card scams to spam emails.

Now, cybercriminals are exploiting the treasure trove of breached Ashley Madison data again in new, highly personalized and targeted attacks. According to researchers at Vade Secure, extortionists are sending emails targeting affected Ashley Madison users once again.

“In the last week, Vade Secure has detected several hundred examples of this extortion scam, primarily targeting users in the United States, Australia, and India,” said Ed Hadley with Vade Secure in a Friday post. “Seeing that more than 32 million accounts were made public as a result of the Ashley Madison data breach, we expect to see many more in the coming weeks. Moreover, like sextortion, the threat itself will likely evolve in response to tweaks by email security vendors.”

Victims are receiving emails threatening to expose their Ashley Madison accounts – along with other embarrassing data – to family and friends on social media and via email, unless they pay a Bitcoin ransom (which, in the sample email below, totaled around 0.1188 Bitcoin, or $1,059).

Ashley Madison extortion scam email

Researchers said these emails are highly personalized with information from the Ashley Madison breach – including the affected users’ names, bank account numbers, telephone numbers, addresses, and birthdays, as well as Ashley Madison site info such as the signup dates and answers to security questions.

In addition to the shame associated with being a user of an adultery website, researchers said that cybercriminals also leverage embarrassing previous purchases supposedly made by victims. One of the emails (above) even references previous purchases for “male assistance products,” and says “Do the partners you find on AMadison know you have been using ‘chemical help’ to have a good time?”

The body of the emails then refers to an attached, password-protected PDF, which “says what you need to do to stop this.” This PDF includes additional info from the Ashley Madison data breach, including when the recipient signed up for the site, their user name, and even interests they checked on the site when seeking an affair. It also contains the ransom demand.

“What’s interesting about this extortion scam is that the financial demand isn’t made in the email body itself, but rather a password-protected PDF attachment,” said researchers. “As the email itself acknowledges, this is done to avoid detection by email filters, many of which are unable to scan the contents of files and attachments.”

The PDF file also includes a QR code for victims who are using a compatible mobile payment app to scan and make the payment.

While the PDF tells victims that the QR code is an option “if you do not want to type the address,” researchers say that the QR code is a common phishing technique that is used to avoid detection by URL scanning or sandboxing technologies. That’s because many email filters do not feature detection tools for QR code technology, they said.

“Lastly, like other phishing and scam emails, this attack creates a sense of urgency, setting a deadline of six days (after the email was sent) for the Bitcoin payment to be received in order to avoid having the recipient’s Ashley Madison account data shared publicly,” said researchers.
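Because the demand sits inside an attachment the filter cannot read, a mail gateway can still triage on what it can see: an encrypted PDF combined with a body that hands out the password and sets a deadline. The sketch below is an added example, not code from Vade Secure or from the original article; the function names, the scoring rule and the sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

PASSWORD_HINT = re.compile(r"\bpassword\b", re.I)
DEADLINE_HINT = re.compile(
    r"\b(?:\d+|one|two|three|four|five|six|seven)\s+days?\b", re.I)

def is_encrypted_pdf(data: bytes) -> bool:
    # Encrypted PDFs reference an /Encrypt dictionary from the trailer (or
    # the xref-stream dictionary), which is stored uncompressed. A byte
    # search is a heuristic, not a full PDF parse.
    return data.lstrip().startswith(b"%PDF-") and b"/Encrypt" in data

def triage(raw: bytes) -> set:
    """Return the visible signals present in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    signals = set()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for part in msg.iter_attachments():
        if is_encrypted_pdf(part.get_payload(decode=True) or b""):
            signals.add("encrypted_pdf")
    if PASSWORD_HINT.search(text):
        signals.add("password_in_body")
    if DEADLINE_HINT.search(text):
        signals.add("deadline")
    return signals

def should_quarantine(raw: bytes) -> bool:
    # Assumed policy: an unreadable PDF plus at least one body signal.
    found = triage(raw)
    return "encrypted_pdf" in found and len(found) >= 2

def build_sample(encrypted: bool) -> bytes:
    """Constructed test message; the PDF is a minimal stub, not a real file."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Account notice"
    m.set_content("See the attached PDF.\nPassword: 1234\nYou have six days.\n")
    enc = b" /Encrypt 3 0 R" if encrypted else b""
    pdf = b"%PDF-1.4\ntrailer\n<< /Size 4 /Root 1 0 R" + enc + b" >>\n%%EOF\n"
    m.add_attachment(pdf, maintype="application", subtype="pdf",
                     filename="notice.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(sorted(triage(build_sample(True))), should_quarantine(build_sample(True)))
```

Legitimate senders also mail encrypted PDFs with the password in the body, so a match is better routed to quarantine or review than dropped outright.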

Sextortion-related scams are an easy way for cybercriminals to make money via ransom payments – and they’re getting better at evading detection, using new distribution techniques and shifting their “scare” tactics. However, researchers say that this attack points to cybercriminals utilizing actual data from previous breaches in extortion scams – a trend they believe will proliferate in 2020.

“This Ashley Madison extortion scam is a good example that a data breach is never one and done,” said Hadley. “In addition to being sold on the dark web, leaked data is almost always used to launch additional email-based attacks, including phishing and scams such as this one. Seeing that there were more than 5,183 data breaches reported in the first nine months of 2019, exposing 7.9 billion records, we expect to see a lot more of this technique in 2020.”



  • Bob Luna on

    That explains why AM's website is a mess! And lots of Both action!
  • BrockLanders on

    It's a total FRAUD! I searched profiles that HAD not been on for 48 hrs or more. Sent several a wink, several of them sent me collect message within 12 hours. Logged back on and searched, and NONE of them had been online in the last 48hrs. In addition, exactly zero had viewed my profile. I sent this info to AM and they thought I made the filter in the search too restive. They had a lot of other BS to try and explain. They claim a green dot means the profile is online or active, YET MANY of those also don't show up as being online in the last 48hrs. A few times, got 3 or more collect messages from women---all within 12 hours of favoriting them. Some were happy to send me a collect message, BUT never denied request to see their private images. A lot of SMOKE AND MIRRORS HERE
