Ashley Madison Extortion Begins
Organizations are being warned to beware of now-underway spam campaigns and extortion attacks that may target employees who are current or former users of the pro-adultery Ashley Madison online dating site.
The attackers behind the data breach of Ashley Madison - tagline: "Life is short, have an affair" - are continuing to follow through on their July threat to release details about many of the site's 37 million members, unless parent company Avid Life Media shuts down three of its sites, which it has declined to do.
The group called the "Impact Team" has released a third batch of stolen data and suggested they're sitting on up to 300 GB of stolen information. The third archive extracts to a size of about 30 GB and appears to contain Ashley Madison CEO Noel Biderman's Gmail spool, comprising about 200,000 individual email messages, Doug Hiwiller, a principal security consultant at information security consultancy TrustedSec, says in a blog post. "This will be the extent of our analysis as we do not plan on reviewing any emails, or anything relating to the dump that is around an individual's personal account," he says. But that does not mean others will not do so. "The information is public, and out there."
That data dump follows the "Impact Team" last week also releasing via BitTorrent a 10 GB compressed file containing stolen information, followed by a 20 GB compressed file, although the latter appeared to be partially corrupted. "Hey Noel, you can admit it's real now," the attackers taunted Biderman in a message included with the second dump.