The Ashley Madison hack has been something of a sideshow in the data breach community because of the supposed “comedy” of cheating spouses being caught. But it appears there is now some real fallout from the hack. People who were online now find themselves the subject of “scammers and extortionists”:
Now there’s word of scam sites charging hefty fees to expunge the data of exposed members and attempts to extort people caught up in the privacy nightmare.
One of the best known offenders is known as Trustify, which bills itself as a private investigator service. According to security researcher Troy Hunt, Trustify is sending unsolicited e-mails with subjects such as “Your boss might know” to many of the 36 million addresses included in the resulting dump.
To its credit, Trustify later required email verification before allowing the search service to continue, but some reports have even disputed that.
Now the Washington Post acknowledges how severe this hack could be, reporting: “Earlier this month, personal information about millions of Ashley Madison customers, including e-mails, member profiles, credit-card transactions and other sensitive information, showed up online.”
Some are even claiming that people who deleted their accounts, potentially having determined they had made a bad decision and wishing to quit the site altogether, were still caught up in the data breach because Ashley Madison misled consumers about its data destruction policy. And misstatements like this:
We treat data as an asset that must be protected against loss and unauthorized access. To safeguard the confidentiality and security of your PII, we use industry standard practices and technologies including but not limited to “firewalls”, encrypted transmission via SSL (Secure Socket Layer) and strong data encryption of sensitive personal and/or financial information when it is stored to disk.
seem to be a viable basis for a lawsuit.
Ultimately, members of the Ashley Madison site made some poor choices. But not so poor that their financial information should be exposed, and not so poor that they should be extorted by people willing to use information to get them fired or otherwise.