Again, we have a nightmare phishing scenario with the brand new AshleyMadison (AM) hack. A few months ago, the Adult Friend Finder (AFF) website was hacked, and now their biggest competitor has been hit.
AM is one of the most heavily trafficked websites in the U.S. and has 37 million registered users, though some will overlap with AFF. A rough guess is that 10% of your users may be very worried at this time that their sexual preferences and/or activities are going to come out. These end-users are a security breach waiting to happen.
Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to the users of the hookup service, whose slogan is “Life is short. Have an affair.”
The data released by the hacker or hackers — which go by the name The Impact Team — includes sensitive internal data stolen from Avid Life Media (ALM), the Toronto-based firm that owns AshleyMadison as well as related hookup sites Cougar Life and Established Men.
Here Is The Problem
Any of these 37 million registered users is now a target for a multitude of social engineering attacks. Just one example: you can imagine that a man married to a woman but who is hunting down gay hookups on the side could easily be blackmailed or receive a spear phishing email with a poisoned link that infects his workstation.
People who have extramarital affairs can be made to click on links in emails that threaten to out them. I already see the phishing emails that claim people can go to a website to find out if their private data has been released. This is a nightmare that will be exploited by spammers, phishers and blackmailers who are now gleefully rubbing their hands.
Mass media has not jumped on this yet, but you can count on this breaking news hitting the press big time. If any of your users has registered on AM, they are going to be worried about it. This is a nightmare phishing scenario. Jilted spouses, divorce attorneys and private investigators are undoubtedly already going to pore over the data.
From Cyberheist News