According to Canadian Police, there's a new type of cheater emerging from the Ashley Madison hack, which they called "the largest data breach in the world," and they're preying on people looking to find out who's on the list.
Last month's hack and subsequent exposure of millions of people on Toronto-based Avid Life Media's Ashley Madison affairs website is spawning more criminals who are luring people into giving information in order to find names of people they know in the data dump.
"Criminals have already engaged in online scams, by claiming to provide access to the leaked database," said Bryce Evans of the Toronto police.
"The public needs to be aware, that by clicking on these links, you are exposing your computers to malware, spyware, adware and viruses," he said.
In addition, some criminals are trying to extort money from Ashley Madison users by threatening to expose that they're on a list, unless payment is received, Evans explained. "This isn't fun and games anymore," Evans said. "It's affecting all of us." The fact that some people are offended by the Ashley Madison service, which matches up people who are looking to have affairs, doesn't matter, he said. This breach is a serious criminal act that will continue to socially impact our society, he said. "We're talking about families. We're talking about their children," he said. "We now have hate crimes resulting from this," he added, in addition to two unconfirmed reports of suicide related to the leaked information. Regardless of the social ramifications of the apparent "hactivists," who merge criminality with social outrage, even anyone who's just curious could expose their own data. Here's what you can do to protect yourself from this and other online criminal activity:Don't try to find names on Ashley Madison By logging onto a website that purports to provide access to the stolen data, you could be "unsuspectingly affected by malware," according to Jason Glassberg, founder of Casaba Security, a cyber security firm based in Redmond, Washington. As with any major hack, other nefarious criminals will set up websites claiming to help people who may have been exposed, or who are just curious to see who's on the list, he explained.
"By logging in, they may unknowingly give a bad guy an email account," said Glassberg, which is the start of yet another criminal data breach. Hackers need to establish the fact that they have a real person's information with a legitimate email account, and ultimately, a password, in order to steal valuable information like credit card or bank account numbers.
"Right now, any site that purports you can search for yourself or anyone else [on Ashley Madison] is illegitimate," said Alex McGeorge, head of threat intelligence at Immunity Inc., a cyber security firm based in Miami, Florida.
According to McGeorge, the leaked information has already been replicated numerous times.
"Everyone who wants a copy, already has a copy," he said.
Cancel any credit card used with Ashley Madison or any other site to try and find names of its users.
McGeorge said that even though the data stolen from Ashley Madison supposedly included only the last four digits of people's credit cards numbers, the card should still be cancelled and replaced with a new one.
Going forward, he said people who don't want their name associated with an online website can use a prepaid credit card that doesn't have their name on it.
Avid Life Media is offering a $500,000 Canadian dollar reward payment to anyone who provides information that leads to the identification, arrest, and conviction of those responsible for the theft.