Hackers have taken to the 36 million email list stolen during the Ashley Madison hack to attempt to extort folks who may or may not have used the app to cheat. Brian Krebs has spoken to an admin in Milwaukee named Rick Romero who has been actively blocking outgoing emails asking hacked users to send a single bitcoin to keep their accounts private.
Hello,
Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.
If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address:
1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]
Sending the wrong amount means I won’t know it’s you who paid.
You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..
One user, Mac, told Krebs that the extortion would be very disruptive but he isn’t worried. “So they have my home billing address and first and last name, so it would be relatively easy for them to get my home records and figure out who I am,” he said. “I’ll accept the consequences if this does get disclosed, but obviously I’d rather not have that happen because my wife and I are both very happy in our marriage.”
Furthermore, it’s slowly becoming clearer just how the company was running its own hacking attempts against the competition. For example in 2012, the founding CTO Raja Bhatia wrote that competitor Nerve.com was full of holes.
The leak, to say the least, is reaping some interesting – and potentially problematic – bounties for white hat and black hat hackers.