Ashley Madison Users Blackmailed Through The Post

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

Users of the self-described adultery site have begun receiving blackmail letters through the post following last summer’s data breach

Blackmailers are continuing to target users of adultery website Ashley Madison whose personal details were made public by a hacker earlier this year, with some now sending threats to users’ homes through the post, according to an IT security expert.

Security analyst Graham Cluley cited an email from a US reader who said a blackmailer had demanded more than $4,000, threatening otherwise to expose the reader’s Ashley Madison account.


“It appears that blackmailers are also prepared to take things a step further and write letters to the homes of hacked users,” Cluley said in a blog post.

Ashley Madison was hacked in July and a cache of its internal data was released a month later.

Police in Toronto, where the site’s parent company Avid Life Media is headquartered, linked the hack to extortion attempts, amongst other harmful effects.

Cluley advised users who receive blackmail emails not to pay, and said his advice is the same for those who receive letters through the post.

“I’m strongly of the opinion that – in the majority of cases – blackmailers are trying their luck, hoping that a small percentage of those targeted will pay up,” he wrote. “Paying the blackmailers any money is only likely to make them focus on you more. Ignoring them is probably a better plan.”

Physical evidence

He urged those who receive blackmail letters to turn them over to law enforcement authorities as physical evidence.

Police have so far failed to track down those responsible for the hack, but some security researchers have said the individual or individuals are likely to have had direct access to Ashley Madison’s IT infrastructure, perhaps having worked for the company as a contractor.

The hacker or hackers had originally threatened to release the stolen data unless Ashley Madison and similar sites run by ALM were shut down, calling the site a scam. Ashley Madison claimed to have 37 million users at the time.

ALM chief executive Noel Biderman resigned in late August in the wake of the incident.

Are you a security pro? Try our quiz!