In August 2015 a 9.7GB file containing personal details of32 million Ashley Madison accounts was posted to the dark web.  Some of the information included within thefile were names, addresses, phone numbers and passwords. Data going back as faras 2008 was compromised, including credit card information and transactiondetails. One analysis of email addresses that were found in the data dumpshowed that approximately 15,000 of the email addresses were either .mil or.gov addresses. However, it is not clear how legitimate these email addresses are. Ashley Madison was advertised as the premier cheatingsite for married individuals seeking partners for affairs. Three years after the security breach, Ashley Madisonre-emerged online. At that time the CEO of Ashley Madison, Ruben Buell,reported that the site was still adding more than 470,000 new users a month. Five years after the Ashley Madison data breach a newextortion scam has ensued nicknamed a sextortion. Damien Alexandre (Vade SecureAnalyst) has discovered the new extortion scam which is utilizing the useraccount data from the breach. Vade Secure reported that they had seen hundredsof examples of the scam attacks in the U.S., Australia and India. Thisparticular sextortion scheme is sending emails to victims of the breach. Theemail includes some of the personal information from the breach. For example, ausername or password designed to make the recipient feel that the scammers havemore information that they will expose. The demand for payment is made in anattached PDF file containing a QR code. By attaching the file with the demandemail filters are not able to detect it. In the email they will often claim tohave photos or videos of the person. They will then state that if the user doesnot pay the bitcoin ransom (usually in the region of approximately 1000.00bitcoins) the photos/videos that the scammers have will be emailed to family,friends, colleagues and posted on social media.Steven Reinkemeyer CEO of Redport Information Assurance LLLCsaid “the best advice is to ignore these scams, do not open any of the emailsrelating to this and do not open the attachments.” Sources:Vade SecureForbesSC MagazineThreatpost

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA