August 21, 2015

People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters get posted online for anyone to download — as is the case with the recent hack of infidelity hookup site AshleyMadison.com — random blackmailers are bound to pounce on the opportunity.

An extortion email sent to an AshleyMadison user.

An extortion email sent to an AshleyMadison user.

According to security firms and to a review of several emails shared with this author, extortionists already see easy pickings in the leaked AshleyMadison user database.

Earlier today I heard from Rick Romero, the information technology manager at VF IT Services, an email provider based in Milwaukee. Romero said he’s been building spam filters to block outgoing extortion attempts against others from rogue users of his email service. Here’s one that he blocked this morning (I added a link to the bitcoin address in the message, which shows nobody has paid into this particular wallet yet):

Hello,

Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.

If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address:

1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]

Sending the wrong amount means I won’t know it’s you who paid.

You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..

The individual who received that extortion attempt — an AshleyMadison user who agreed to speak about the attack on condition that only his first name be used — said he’s “loosely concerned” about future extortion attacks, but not especially this one in particular.

“If I put myself in [the extortionist’s] shoes, the likelihood of them disclosing stuff doesn’t increase their chance of getting money,” said Mac. “I just not going to respond.”

Mac says he’s more worried about targeted extortion attacks. A few years ago, he met a woman via AshleyMadison and connected both physically and emotionally with the woman, who is married and has children. A father of several children who’s been married for more than 10 years, Mac said his life would be “incredibly disrupted” if extortionists made good on their threats.

Mac said he used a prepaid card to pay for his subscription at AshleyMadison.com, but that the billing address for the prepaid ties back to his home address.

“So they have my home billing address and first and last name, so it would be relatively easy for them to get my home records and figure out who I am,” Mac said. “I’ll accept the consequences if this does get disclosed, but obviously I’d rather not have that happen because my wife and I are both very happy in our marriage.”

Unfortunately, the extortion attempts like the one against Mac are likely to increase in number, sophistication and targeting, says Tom Kellerman, chief cybersecurity officer at Trend Micro.

Kellerman is convinced we’ll see criminals leveraging the AshleyMadison data to conduct spear-phishing attacks aimed at delivering malicious software such as ransomware, a different type of extortion threat that locks the victim’s most treasured files with a secret encryption key unless and until the victim pays a ransom (also in Bitcoins).

“There is going to be a dramatic crime wave of these types of virtual shakedowns, and they’ll evolve into spear-phishing campaigns that leverage crypto malware,” Kellerman said. “The same criminals who enjoy deploying ransomware would love to use this data.”

The leaked AshleyMadison data could also be useful for extorting U.S. military personnel and potentially stealing U.S. government secrets, experts fear. Some 15,000 email addresses ending in dot-mil (the top-level domain for the U.S. military) were included in the leaked AshleyMadison database, and this has top military officials just a tad concerned.

According to The Hill, the U.S. Defense Secretary Ash Carter said in his daily briefing Thursday that the DoD is investigating the leak.

“I’m aware of it, of course it’s an issue, because conduct is very important,” Carter told reporters at the briefing, The Hill reported. The publication notes that adultery in the military is a prosecuteable offense under Article 134 of the Uniform Code of Military Justice. Maximum punishment includes dishonorable discharge, forfeiture of all pay and allowances, and confinement for one year. As such, Carter told reporters that service members found to have used adultery website Ashley Madison could face disciplinary action.

Kellerman said attacks against military personnel who used AshleyMadison may well target spouses of people whose information is included in the database — all in a bid to infect the spouse as a way to eventually steal information from the real target (the cheating military husband or wife).

“Something must already be going on for [the Secretary of Defense] to actually have a press conference on that,” Kellerman said. “We may actually see spear-phishing campaigns against spouses of individuals who are involved in this, attacks that say, ‘Hey, your wife or husband was involved in this site, do you want to see proof of that?’

And the proof, in this scenario, would be a a booby-trapped attachment that deploys spyware or malware.

Mac, who’s not a military man, says he doesn’t regret the affair he had via AshleyMadison; his only regret is not finding a way to keep his home address out of his records on the site.

“I regret using my home address and some of my personal information that AshleyMadison didn’t take as good care of as they should have,” he said. “But I really, I’m mad these hackers feel it’s so important to force the hand of people that have a different outlook on life.”

The AshleyMadison data is leaked on various sites, but the data itself is not easily searchable by folks who aren’t familiar with raw database files. However, several sites have since popped up that allow anyone to search by email address to find if that address had an account at AshleyMadison.com. True, AshleyMadison.com did not always verify email addresses, but some of these AshleyMadison search services coming online will indicate whether the associated email address also has a payment record — a marker which could be useful to extortionists.


310 thoughts on “Extortionists Target Ashley Madison Users

  1. Sophie

    How many of you are on this site arguing over the moralities of the people who got caught up in this instead of spending time with your spouse or partner right now? Are you making them bored? Most likely.

    Go have some good morning sex and don’t worry about these other people you have never met. Your spouse doesn’t care about them, and right now you don’t care about your spouse.

    1. Flo

      thanks for your world view, can’t have much more cliche.
      if you’re bored with your partner easily, it’s because you get bored easily, not because of what he does.
      Start caring about something and you’ll not be bored.
      If that’s too hard, don’t blame it on others.

    2. Kyle

      Are you high? A lot of people have those feelings, sure, but they find constructive ways to fulfill them, not sabotage their own spouse’s wellbeing in the process, on top of being completely unfaithful.

      Aside from that, I doubt you can really say that when they’re known to have pulled tricks, such as h*cking c*mpetitor DBs.

      As they say, what goes around, comes around. They had cheated the world, and they’ve gotten cheated.

  2. JohnDoe

    Was putting in email addresses of people I thought would be on list and they weren’t so I put in the one I didn’t think would be and Found my wife’s email address. Haven’t confronted her yet. Tried to download the torrent, but Nortons kept stopping it. Pirates Bay one looked to be down.

    I’d pay a company to get me the info, I’d like to know more before I say anything to her. Like did she pay, did she have affair. It doesn’t really matter to me if she did pay or didn’t fact was she was looking.

    She’s one of those ones that’s all adultery is unforgivable etc… She put herself in situation to commit it, so she’s a hypocrite.

    1. DavidW

      John,
      Just walk away and get on with your life. She is not a hypocrite. She is most important, because life is most important in life, which is always true. However, so are you and she seems to think that your reality being truthful is not as important as her, so she doesn’t understand herself properly, let alone have the ability to truly care about you. For all she does to prop herself up as being so important that she has the right to steal your truthful reality in this short life that is so precious, she misses the truth of how important she really is. Look what she is doing to you.

      As for the article above, the same goes for Mac. Mac saying,

      “But I really, I’m mad these hackers feel it’s so important to force the hand of people that have a different outlook on life.”

      is complete nonsense. If you outlook on life is treat others as if they are not truthfully equal and also not most important, then your so called “outlook” is based on a lie that is simply disproved by truth that you have attempted to place yourself as more important that someone else, so much so that you would steal from them living in truthful reality, for you to get your horny desires fulfilled.

      Every single person that is in this list, which is very easy to get, regardless of what the articles say, that really signed up would be walked away from and never given another chance. Forgiveness is up to you, that’s your choice, but please walk away and set your boundaries. Once a person has issues enough that they do these things to others it takes 10-20 years of constant therapy just for them to get around to really caring about others again. It’s not an affair, it’s an extra-marital affair and is much more problematic than meth, heroin or drinking.

      And yes, it is evil because it denies the most important truth of all in life: Life is most important in life, same as killing and consuming animal products for the sole purpose of unneeded personal gratification (fun, taste, unneeded nutrition, etc.)

      1. DavidW

        As for the article above, the same goes for Mac. Mac saying,

        Opps, didn’t proof read the paragraph below. Here it is again, fixed, hope you understand.

        “But I really, I’m mad these hackers feel it’s so important to force the hand of people that have a different outlook on life.”

        is complete nonsense. If your outlook on life is treat others as if they are not truthfully equal and also not most important, then your so called “outlook” is based on a lie that is simply disproved by truth that you have attempted to place yourself as though you are more important than someone else, so much so that you would steal from them living in truthful reality, for you to get your horny desires fulfilled.

        As for those that have children, it does not help your children to live in an environment as if the reality they are in is truthful, when it is not. They are most important too and have to make their own choices. To steal the truth from them and deny them the ability to discern truthful reality from BS is a terribly evil thing to do to anyone, let alone a child, someone who lives in innocence with more time to do more for life in general than the adults have.

        1. Shahmeran

          And that’s why infidelity is so damaging to the betrayed, including any children who may be affected.

          It’s not the extramarital sex that does the damage (unless, of course, one brings an STD home to their partner). Couples in fully consenting open relationships routinely have extramarital sex, yet without the consequences faced by couples who have vowed to forsake all others.

          The damage lies in the betrayal of trust in an intimate relationship that places the betrayed spouse in a situation where they don’t even know what’s true anymore. It can even be a form of gaslighting. The long term consequences for both the betrayed spouse and the children can be emotionally devastating, impacting their ability to trust anyone and adversely affecting how they interact with the world.

          We’re talking about a life-altering shift in consciousness here, people. No one deserves to have that injury inflicted upon them.

          It’s not about the sex. It’s the dishonesty that ruins relationships and families. If the marriage is really that bad, end it honorably and move on. The cheater does no one a favor (except themselves) by staying in the marriage for the sake of the children. Children can do very well following divorce if raised by a loving parent. They do less well in a home where mom or dad cheats and isn’t investing in the marriage.

          Cheaters, you are not noble for staying in your loveless marriages for the sake of your kids. That’s a crock. Admit it, you just don’t want to endure the possibility of an expensive divorce that requires you to split your financial assets. Not to mention endure the shame of your cheating ways breaking up a family and incurring the judgment of your parents, relatives, friends, and church (if you swing that way).

          Once again, it’s all about you and your needs.

      2. ohreally

        With all due respect, why do you think it’s OK to enforce your moral values on others? Of course, you are entitled for an opinion on any subject, but why do you think it also gives you the right to judge? the hackers, and people who post their opinion like yourself, have taken the role of God – “we tell you what is right and what is wrong, we tell you you are a sinner and you deserve a punishment!” – well, no. you are not god, it is not your place to preach others, nor is it the hackers’. what ever happened to “mind your business” or “live and let live”?

        1. Kyle

          It’s not just Christian communities who are against it. No woman or man, Christian or not, would be thrilled to know their “special someone” cheated on them.

          Your defense of it sm*cks of self-guilt.

      3. Daniel A Benny

        Hacking is a very big issue which has to discussed widely and spread awareness among the people hackers are ruin your personal life and business, I suggest a company called Loment which protects your Privacy and Security of the Data in use, Data in Transit, Data on Air, Date on Handset by product called Peanut Secure SMS, Cashew Secure Chat, Walnut Secure Email Website URL: http://www.loment.net/
        https://play.google.com/store/apps/details?id=com.loment , https://play.google.com/store/apps/details?id=com.loment.cashew

      4. Kyle

        that and AM doesn’t verify emails, which could leave it easily guessed and then registered. Or alternatively, gotten from an online list.

    2. Fran

      Get her phone then go to Ashley Madison’s website and type in her username. Then hit reset password. It will email the new password to her. If you can get her phone to do this, her email should just open with a button. Tell her yours is dead and you need to make a call and act normal if you have to. Then once the password is in drive off if you can so she can’t stop you. Keep the phones screen active if you don’t know the password or it will log you off. Then log in with the new password and you will be in her account. You are welcome :).

    3. Raj

      Maybe she joined to find out if you were on it!

      Here is a snippet of a local paper article

      “He said that media had reported that Ashley Madison was a matchmaking web portal for adults. Manohar CR, a techie from the city, said, “I decided this as a potential candidate to visit the portal for a preliminary survey to review and assess its matchmaking capability, as we are also building a portal that includes match making features, and not for seeking an extramarital affair or a date. But at some point, the reason for my entering this website changed from reviewing to more of proving that this site was a completely fraudulent one. After signing up and becoming a member, I noticed many facts including male members receiving messages from fake female members on a regular basis enticing them to becoming paid members.””

    4. JohnDoe2

      Maybe she signed up to see if she could find you on it lurking about …

  3. Porter Jervis

    Black mailing is a very dangerous business. The blackmailer may think he/she is invisible, but so did AM customers.
    People have been known to respond rather violently when backed into a corner.

    1. Neuro

      Yes what happens if the tray and blackmail a CIA operator or anyone else with TS clearance.

      Boos I swear it I though it was ISIS /AlQuada /FSB and they made a suspicious cross body movement 🙂

    2. Kyle

      you mean as opposed to the angry spouse who shoots their “life partner,” finding them in bed together?

  4. ZebraTech

    Having an account on Ashley Madison does not equate to having had an affair. The success rate of men wanting to hookup versus actually doing so, especially on Internet dating sites is a pretty small percentage.

    Karma is real. Those that had affairs have to live with that, hopefully their spouses and kids don’t. The Impact Team will eventually be caught. Maintaining OpSec for something that has gotten this big is tough. Eventually one of them will open their mouth and it will all unravel. You’ve pissed off a lot of powerful and successful people. They’re gunning for you now, literally!

    For those on “the list” of the A.M. account holders. “…honey, yes, I had an account, I was curious, I never followed through…” . Infidelity sucks, but it isn’t worth destroying marriages, lives, or careers. Grow up, this is 2015. Keep your morality for things that actually matter.

  5. JohnDoe

    Was putting in email addresses of people I thought would be on list and they weren’t so I put in the one I didn’t think and Found my wife’s email address. Haven’t confronted her yet. Tried to download the torrent, but Nortons kept stopping it. Pirates Bay one looked to be down.

    I’d pay a company to get me the info, I’d like to know more before I say anything to her. Like did she pay, did she have affair. It doesn’t really matter to me if she did pay or didn’t fact was she was looking.

    She’s one of those ones that’s all adultery is unforgivable etc… She put herself in situation to commit it, so she’s a hypocrite.

    1. Neuro

      So you admit to conspiracy to blackmail interesting mr Doe

      1. jeffrey

        So confronting your wife is ‘conspiracy to blackmail’, what?

  6. jon vonn

    Not the Hackers have become wanted. There are probably hundreds of state and local laws that were broken.
    I am sure some other governments who are not known for their forbearance will not be pleased either. This may be much more than a disgruntled fool. Anyway not matter it is now only a matter of time till the hackers are found. They need to hope that turning themselves in is the safest course.

  7. Was Not Me

    My credit card number was stolen a couple months ago and was used at AM. My name and partial address shows up in the leak for credit card transactions.
    I now have the name and email address of the guy that used my cc. Is that enough evidence to go to the police?

    Also, if you find someone that you know in the leak, make sure you have the right person before you start a witch hunt.

      1. Was Not Me

        I know a guy who downloaded the leaked data.
        There is a subdirectory named creditcardtransactions that shows how much a member charged to a card.
        The guy that used my stolen cc also used a few other stolen cards.
        AM should have done some fraud checks. The cards span a few states with different card holder names.

  8. TJ

    @ was not me. How do you find out your name and address is in the file? I am hoping to check mine.

  9. Mr Mi

    The only messages I’ve received to my AM disposable email address has been garden variety (as far as I noticed) porn spam – starting yesterday.

  10. Chuck

    The Impact Team’s great show of self-righteous moral indignation as justification for dumping the data is a convenient load of crap.

    They did it because it was easy; they did it because the site’s security sucked, and it was really fun for them to publicly bring a large entity to it’s knees. Once that had been accomplished, they put on TV preachers’ robes and pointed to the “sinners”, to make sure everyone knew that it was all justified… and not the equivalent of kids running down the street breaking car windows on a Saturday night for fun.

    You know, except for using some technical skills to accomplish their goals, the impact team’s not a even a little bit different from the nosy, nasty old lady at the end of my street that sneaks around back yards trying to catch her neighbors in HOA violations. My guess is that it gives what looks to be a meaningless life a sense of purpose, or just something to do.

    Cheaters or not, it’s sad what happened.

    1. AHAWAWAHA

      That may have been the funniest thing I’ve seen all day. Thanks for the giggles. 😛

  11. TJ

    I gave in. Downloaded the files. But I have a Mac and it’s proving very difficult to decrypt them. I can’t seem to do in the format I downloaded them in but if I convert them I lose the digital signature and they won’t decrypt. Any help would be appreciated. I only want to grep my name and then delete them.

    1. Sokol L

      Keep us posted and good luck. Please try and relax and get rest. I take it Pirate Cove is back up on line?

    2. Sunshine

      Download for free Unarchiver to convert files (for mac).

  12. thedude

    Came clean w/ my wife and fully disclosed my involvement on AM. Went over like a wet fart at church, but nonetheless we’re working to get through it.

    That said – if you were in the hack and you made charges to your account from home – CONTACT YOUR ISP AND GET YOUR IP CHANGED.

    Chances are your public IP is exposed and criminals will try infiltrating your home networks. Got my ports on lock right now until my order is fulfilled by my ISP on Monday.

    Also, if your cell is public record somewhere, expect phone calls from these extortionists. I received two of them yesterday. They start by saying they’re “calling about the computer and messages…” If they don’t get what they want within 30 seconds of calling they hang up.

    1. Forebode

      Chances are you have generic internet access without a static IP address. IP will change after a power-cycle/power outage. Your IP lease can also expire in their systems. Generic IP is usually super-nettted/sub-netted to hell. If it was done more than a month ago, you’re probably fine.

      1. thedude

        Still better safe than sorry. My IP has been the same for several years now, which is surprising since I don’t have a static IP.

  13. TJ

    I’ve given up. It’s 2am and I need some sleep. I see pastebin is full of names now. For a couple of areas in the U.S only. IT WONT BE LONG….

  14. DJ

    I got on for a week years ago and flirted with somebody. No actual contact. It was like looking at porn. Spent maybe $75. Now my life is about to become ruined after the Pastebin stuff. It’s just a matter of time. I don’t know if I can take this anymore. I guess it’s my fault. It’s going to really hurt my wife and parents when I’m gone. I think they would have forgiven me but I don’t think I can take the public shame. I have a high-profile private sector job. I just want to disappear.

    1. Tj

      @DJ

      Hold your nerve. There are millions of people affected by this and there maybe safety in numbers. This news story will drag on as more and more high profile victims get outed but people will lose interest at a personal level after a while. I hope. Also, the news is helping to hide the lookup sites. Most people only ever look at the first page of Google anyway. if you haven’t deleted the linked email account do it now! And don’t open anything that looks remotely suspicious. They will bombard those accounts in the hack for easy money. If they make enough they may not bother trying to track down others. Also, so many people will try to blackmail users that it will become just another type of spam. Oh and lock down your social media accounts. Google yourself and make sure you don’t appear. These are small things that may not be enough but it’s something. Don’t be the easiest victim.

      1. DW

        The mobs have a short memory indeed. Bill Clinton is one election away from being FMOTUS. Anyway…I did most of your reccomendations except for deleting the email address. Wouldn’t it be better to maintain control over that account? If anything else just to view/observe activity…but never to engage w any potential blackmailer. If there’s silence they will just move on…

        1. TJ

          @DW

          If you so much as see an image from of those emails, even in a preview pane, they could have your IP and location. I think it’s best to delete the account and pray that they find some softer targets. Also, they can only out you once. How do they know someone else hasn’t? What you really want, and yes this is terrible, is not to be outed until they start blackmailing people who weren’t even in the dump. I can see it happening, they can easily cut and paste some data and make up a profile, but this means that you can say that it’s not true. Provided these instances get enough press.

          Or you can tell your wife and take some control over the situation.

          1. AlphaCentauri

            It’s just good policy to set your email reader to not load remote images unless specifically allowed each time.

            1. SeymourB

              Indeed, a couple weeks ago I spent a good hour going over a newly updated Android phone until I figured out where the hell the setting was to not load remote images. All mail clients have the option, it’s just a matter of finding it. Since it’s Google there’s pretty much zero documentation.

  15. Db

    I just saw the Louisana paste in listings. They will have to bring it down for copyright reasons. I also posted a complaint for abuse. We’ll see how long it lasts…

    I do hear the drip, drip though…

    Do you think that people will lose interest soon and stop the new websites? I tried to search for names on the leaked AFF data but it was very difficult

  16. Canuck

    One of my employee’s name/details can be found and he doesn’t care. As he says, “I’m a single guy and I could care less if anyone knows I was trying to find an attached hookup partner.”

    Otherwise, some extortionists are going to be barking up an empty tree.

  17. Sokolishus

    Does anybody know what “ctrl c” is supposed to do on Pastebin? I went into the Texas page and hit “ctrl c” like instucted and nothing happens. I am desperate!! Please help!

    1. Tj

      Right. Here it is. Name checker.

      http://amicaught.com/

      Found it on Facebook. I entered Smith then Joned and got thousands of results. I saw some in my country. This makes me think it’s accurate. I entered my surname, partial first, then full. No results. Maybe my one CC trans slipped the net. There are comments on another thread saying that some payments are missing.

      Good luck and let me know how you get on. I want to know if it’s legit/ accurate.

      1. George

        Once again – this is all Canada. No USA addresses.

      2. Mike

        I don’t see how this answers the question regarding ctrl-c (it means “copy” btw—-same as right-click copy)

        Since “Smith” is one of the most common names out there, this is no indicator of accuracy at all. I’m sure there are thousands of results.

        It sounds like you trust everything you read on Facebook.

        1. Sokol L

          Mike – many links on Pastebin lead to surveys where you have to provide an email address. The “cntrl c” I finally figured out and downloaded the info. Unfortunately it leads to the survey and possible spam.

      3. Db

        This website said that it will updated on Wednesday…:(

        Is there any chance it gets shutdown before then?
        Is it over? This last week has been hell… AM was not worth the week that I was on it

  18. JRCCBDTO

    Dear Pastebin: I hope that my soon-to-be widowed wife and kids sue you for everything you have! Did you really have to put my name on your website labeling me as a cheater? I was on the AM site for only 3 weeks and never met a single soul more than 2 years ago. I close my account was ashamed of what I did and moved on knowing I never cheated on my wife. Now, you find it in your best interest to put my name on your website. Therefore, after I am gone here in a few days I hope that I widowed wife and kids sue you for everything that you have!

    1. Mike

      “I hope that my soon-to-be widowed wife and kids sue you for everything you have!”

      Good luck with that

      1. Sokol L

        Dateline NBC paid through the nose for a suicide for documentation on that person who was actually trying to meet young kids for sex. There is precedent here.

        1. Mike

          as insane as such things are…….

          Of course there is a precedent, this type of thing has been going on for thousands of years. That doesn’t mean that a lawsuit will ever come close to any form of reality.

          1. SeymourB

            Well, seeing as they’re not based in Texas, the chances of such a lawsuit actually winning went up tremendously. If they had been based in Texas then I would certainly have expected such a lawsuit to go nowhere, since they overwhelmingly rule in favor of companies, even in cases of gross negligence. Of course the flip side of the equation is that if one of the perpetrators get caught and he lives in Texas, then they’re pretty much screwed since the corporation (AM) will still receive favored treatment.

            Since AM lives in a slightly more sane part of the world, it certainly is possible that they could be on the hook for the inevitable lawsuits that will follow. The question is how much can they be held liable since they’re not the ones releasing this information. I would say they’re still on the hook for quite a bit, since they certainly were lax about upgrading their servers, lackadaisically renamed known-exploit default directories poorly, etc. which is how these glorified script kiddies got access in the first place.

            However, the poor schmucks who actually committed the act and released the data are in for a world of pain when they’re caught. They will be sued out of existence not just by AM and its creditors, but also potentially by every last person whose information they’ve divulged. They’ll probably turn out to be minors, but that just means their parents will bear the brunt of the financial penalties.

        2. TG

          Precedent means nothing if the company you’re suing can’t pay or is out of business.

      2. Kyle

        most of the people who say stuff like this are just looking for attention.

        I was suicidal back in 2013 and again in 2014. I had meant it, but random people on the web don’t always mean it. There are of course examples where they do, but the sheer magnitude of those who do it for attention can’t be ignored when putting together the equation.

        Aside from that, suicide is, a., a cowardly deed with complete disregard for your family’s wellbeing; and b., a self-deed, not a forced deed, making for txt which is simply being hosted, as non-culpable.

  19. TJ

    Update. That site only appears to be valid for profiles from US and Canada and does not reference billing details. So my wait goes on….

    Good luck.

      1. TJ

        I saw comment on FB saying there were US and Canada only.

        1. Sokol L

          I think it’s like all the other ones that had names to check. It is overwhelmingly Canadian.

  20. Wan Chai

    There are so many uses for this data it is scary. What has effectively been released is a huge database of secular promiscuous people who are not afraid to spend money. Extortion and phishing aside, I’m wiling to bet they all get a whole lot of personally adressed spam selling everything from escorts to medical supplements.

  21. JC

    HAHA! Extortionist. The ultimate loser.People who can’t find a real job, so they rob their fellow human beings.

  22. Tom

    While the revelations coming out of this data dump is quite astounding, it goes to show that we need to stay on top of digital security as webmasters, as cybercriminals are always looking for an angle…

  23. BooHoo

    BOO-HOO , to all you cheaters !
    Actions, meet consequences !
    KARMA ….. It’ll get you every time !

  24. Tj

    @boohoo

    Tell that the gays use this site for secret meetings, as they didn’t want to come out. Especially those ones in parts of the Middle East where being gay is punishable by death. Tell that to the battered wives who went on the site for company in the belief that it was the most secure. And tell that to single poeple who went on the site and are now going to have their privacy destroyed. Nothing is black and white. Nothing is clear. No one should judge.

    1. BooHoo

      LMAO ! You can’t be effing serious !
      You MUST be a member . Sucks to be YOU !

      1. Tj

        The hacking of the site has exposed millions of people, including hundreds in Saudi Arabia where adultery is potentially punishable by death.

        The site was predominantly used by people looking to cheat on their partner, but it is thought that many single gay people used the service to avoid detection by oppressive governments.

        1. Mike

          How’s that detection avoidance workin’ for ya?

          I’m sure that there were people thinking that way. It’s a very naive way of handling the internet. Too many people think they can fix everything with an update or a patch. There are other things going on that are so far beyond anything you have control over. People actually have come to believe they can cover their tracks (well on your own local computer ‘maybe’). People really need to wise up to what these things are. Being horny, lonely, or oppressed is not going to work as an excuse.

          It’s time to deal with that flashing 12:00

    2. Mike

      When one looks at the data in this dump…..it seems pretty black and white to me (black text on a white background). But I guess it all in how you have your setting set.

      It’s either in there or it’s not.
      You’re either a member or your not.
      You’re either worried about this or you’re not.
      You’re cheating or you’re not.
      Members will deal with this or not.
      Spouses will stay or not.

      It all seems pretty clearly black and white to me.

      Now if you wanna talk about the destruction of privacy….that went out the window when signing up as a member on the site.

      I personally don’t care what you do with you’re sex life. But, using websites like Ashley Madison is clearly not the smartest way to go.

  25. IA Eng

    Don’t open any emails that you do not know, especially if it has a subject line which may indicate it could have AM data within.

    When you open up an email and there is a photo or other symbol that can be sent back to them in the form of an web server log, it gets worse. Now they could have your IP address you are using, and can get a general location of where you’re at.

    So make sure your email system does not use PREVIEW pane, which is not good to use for unknown emails. Turn off any sort of email receipts. For spam set up a rule to immediately send the spam to the DELETED folder. Ensure when you close your email the email trash is emptied.

    NEVER respond to these emails. If you do, you’re going to find yourself on a ton of email lists from the SPAM kings themselves.

    If your being targeted, the first thing these people do is look up any social media information on you, and then see if there is a significant other in your circle. They can use a few sites on the internet to look up your name and get some general info about relatives and on rare cases, even include a phone number.

    Having false hopes about any class action suits may be a bad idea. If your name comes up associating yourself with the site, its almost like an admission of guilt. Since the site did not have any email verification system, its nearly impossible to say who signed up legitimately or who was signed up as an act of revenge.

    I read on one website where it was recommended that all woman on the Am site should file a Class Action suit. I don’t know about you, but the chances of any payout are slim to none. By doing that you acknowledge you have been to the site and were/are actively looking. With all that social media craze out there, the women would be hounded by the crazies by the hundreds, before even one legit fish might swim by.

    It also adds a perception of untrustworthiness if your willing to come forth an say you were a victim of this site. You can say whatever you wish – it was an experiment, your were just curious, ect; but the bottom line to most is that you were on a cheating and unethical website as a active member….Its best to let the drama and stink settle down. before you know it, some other breach will come along and this one will be buried once and for all. Lets hope that is REAL soon.

  26. C3po

    These braincases entering emails into an ‘untrusted’ website to ‘check’ are hilarious…The smart ‘hacker’ / ‘malicious services provider’ is most likely harvesting all of these addresses for future spammage and arbitrarily indicating your ‘in there’ or your NOT (said like Borat) for their own amusement… just incredible.. Love it
    Thank you ..thank you Mr. Krebs for the enjoyable read!

Comments are closed.