20.5k unique visitors in the last 3 days

Email Extortion Aimed at Ashley Madison Users

Our industry needs to think seriously about how we maintain the integrity of email addresses, if we want to keep using them as a key that opens access to other online services.

The hack of Ashley Madison, the dating website for married people who want affairs, resulted in data for its 37m users being dumped online. Now blackmailers are reportedly targeting the email addresses, sending them demands for bitcoins. Victims are threatened with the prospect that their “significant other” will be informed of the Ashley Madison data unless the money is transferred by a deadline. Security experts are also warning that compromised email addresses will also be used to bombard victims with phishing attacks and malware.

Toronto Police say that two unconfirmed suicides may have been prompted by the leak. Avid Life Media, the company which runs the Ashley Madison website, is based in Toronto. One interesting innovation by the police is that they have set up a dedicated Twitter account and hashtag for the case, allowing people an alternative method of sending them tips about the culprits.

Two Canadian law firms have instigated a massive class action lawsuit on behalf of affected Canadian users. The press release from the lawyers highlights that many customers paid additional fees to have their personal data removed, only for it to be subsequently compromised by the hackers.

Though Ashley Madison customers have particular reasons to protect their privacy, the wider message is that poor security around personal data can have consequences which cannot be fixed with money or bland corporate apologies. All sorts of businesses have been greedily harvesting email addresses for years, but do they have the wisdom to recognize that old and little used email addresses may be a greater liability than an asset? We are reaching a point where spammers might as well as possess the modern equivalent of a phone directory, listing everybody’s email address. Combining this data with other personal information just increases the potential harm. And because email addresses often double as usernames, they make it easier for criminals to hack into other online services.

The repeated degradation of personal data is also degrading our freedom to use electronic communications for all sorts of activities that require security. Email has changed the world, but repeated abuse of email may eventually push people into adopting alternative forms of communication, including the message services preferred by Google and Facebook… and do we really want even more of the world’s communication coming under their control? Telcos need to lead by example and encourage the push towards two-factor authentication for many more online services. And customers need to ask themselves what kind of a deal they accept, if they hand over sensitive information to firms but have no evidence that the firm handles their data in the way promised.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email