Ashley Madison Leak: Here's How the Web Is Exploiting Victims of Massive Hack

Impact

Companies are beginning to find ways to profit from the mid-July Ashley Madison hack that left 32 million of the extramarital affairs site's users exposed on the Web, when the hackers released the stolen information in a massive data dump last Tuesday.

Trustify, a startup that connects customers with on-demand private investigators, has seen a surge in demand after creating a free tool for anyone to test email addresses that may be part of the leaked data, CNN Money reports. 

Mic/Trustify

If an email entered in Trustify's search bar matches profile information leaked from the hack, the company sends a warning message alerting that email address the account is a part of the leak. The company then offers paid services to users to find out exactly how much information is out there.

"You or someone you know recently used our search tool to see if your email address was compromised in the Ashley Madison leak, and we confirmed that your details were exposed," a Trustify email reads. "This sensitive data can affect your love life, employment, and follow you across the Web forever." 

While Trustify's tool is free to use to find out if an email address was included in the leaked data, speaking with an investigator costs quite a bit more than the $19 full-delete option the Ashley Madison site claims erases a user's entire history.

Trustify founder Danny Boice told CNN Money the startup charges about $268, or $67 per hour for four hours of work, for a comprehensive assessment of leaked data by a private eye. "We did more revenue yesterday alone than we did in July, and today is tracking to be even bigger," Boice said on Friday. "We're averaging 500 searches per second." 

However, Trustify isn't the only entity targeting Ashley Madison users after the leak. Krebs on Security reports extortionists have already begun attacking users with email addresses included in the hack, demanding they pay in bitcoins to keep their secrets from being revealed to loved ones. 

Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information," one spam email an affected user received says. "If you would like to prevent me from finding and sharing this information with your significant, other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address ... Sending the wrong amount means I won't know it's you who paid."

The tech site reports no one has yet to pay the bitcoin extortionist thus far, though this sort of residual spam from the hack will only become more detailed and realistic. Trend Micro chief cybersecurity officer Tom Kellerman told Krebs on Security, "There is going to be a dramatic crime wave of these types of virtual shakedowns, and they'll evolve into spear-phishing campaigns that leverage crypto malware, the same criminals who enjoy deploying ransomware would love to use this data."

Trustify content marketing director Elliot Volkmar doesn't seem concerned over the ethical legitimacy of his company's practices, Wired U.K. reports. "This data is now publicly available to anyone with Internet access," Volkmar said during a Reddit AMA session. "We are accessing the raw data via a third-party source. We have consulted our legal team and privacy experts every step of the way." 

The company takes a similar tone regarding the controversial hack. "We are experts finding the truth," Boice told CNN Money. "Whether we agree with the hack or not is irrelevant."