Industry News

Ashley Madison blackmailers threaten to create Cheater’s Gallery exposing members who don’t pay up

Blackmailers are once again trying to make money out of the notorious Ashley Madison hack, which exposed the details of registered members of the cheating website in 2015.

Robin Harris writes on ZDNet that he has received a blackmail threat, alerting him that unless he pays up $500 worth of Bitcoin his personal details will be shared on a new website being created by the extortionists.

The site, which the blackmailers claim will be launched on May 1 2017, is said to be called “Cheater’s Gallery”:

“On May 1 2017 we are launching our new site — Cheaters Gallery – exposing those who cheat and destroy families. We will launch the site with a big email to all the friends and family of cheaters taken from Facebook, LinkedIn and other social sites. This will include you if do not pay to opting out.”

Of course, the truth is that opting out isn’t really an option at all.

If the extortionists claiming to be creating the new “Cheater’s Gallery” site have your data, that’s because they got their paws on the 9.7 GB database dump released by the Impact Team way back in 2015. That data has been swirling around the internet for almost two years now, and has regularly been plundered by trouble-makers and ne’er-do-wells, some of whom have even targeted users listed in the database through blackmail letters sent via the US post.

So, paying this particular group of extortionists in the vain hope that they might not include your details in the “Cheater’s Gallery” (if such a site is even created) is kind of pointless, as it doesn’t stop other criminals trying the same dirty trick. It doesn’t even stop blackmailers specifically targeting you in an attempt to extract even more money… as they now know you’re prepared to pay at least once.

Furthermore, one has to consider if the blackmail gang’s alleged plan to write to the friends and family of Ashley Madison members is viable. Let’s not forget, it takes a lot more effort to determine the alternative contact details for someone’s wife, their friends and colleagues – information which was not stored in the hacked Ashley Madison database. And for what gain? If the bad guys tell your family that you were on Ashley Madison then there is no chance that you will ever pay them any money.

As you may recall, tragically a number of suicides have been linked to Ashley Madison’s user database being leaked. The hackers and extortionists have blood on their hands.

Don’t forget – just because a name might have been included in the Ashley Madison database doesn’t mean anyone had an affair, or ever would. They may not have been been looking for an online romance. They may have been chatting to a robot, rather than a real human being. It may not even have been them who created the account, as Ashley Madison never bothered to verify email addresses.

So, don’t be too quick to judge. And if you do receive a blackmail demand, be strong and resist the temptation to pay up. Consider informing the authorities instead that someone is trying to extort money out of you.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

6 Comments

Click here to post a comment

  • "Don’t forget – just because a name might have been included in the Ashley Madison database doesn’t mean anyone had an affair, or ever would". You can try and justify it any way you want, but if you went on the site you are just as guilty as anyone who uses it. Good on them. I hope the hackers release all the names of people who visited this vile site…..Reap what you sow idiots!!!!

    • Have you not ever heard the word Catfish? Check out the MTV show its quite sad – many people create fake profiles using fake pictures and using similar contact details to an actual person because they have low self esteem or other issues. Its a way of making acquaintances without having to let people know the real you.

      Many of the user profiles on such sites are most likely fake but using the real details of people who do not use or go near such sites, is it nice to have such a smug cavalier attitude ?

    • I agree: if you're on the site, you're guilty whether you had an affair or not. You thought about it enough to create a username/profile (emotional cheating) so there's some sort of problem in their lives where they turn to a site like this for attention. "They may have been chatting to a robot, rather than a real human being."…doesn't matter, they thought they were talking to a real human! On the other hand, I can understand how fraud can happen with AM not verifying users' email addresses…but really, I would stick with if you're on there, you're 99% guilty.

      FYI Dan, if you read the article, the hackers already released all the users' information back in 2015 so there's nothing more to hide.

  • Just because someone used AM doesn't mean there was any 'cheating' going on. It's just another dating site with it's own marketing spin. AM could not keep single people out….

  • So it's May 2, 2017, and there's no "cheaters gallery" website to be found anywhere. Looks like this was another empty threat. A shame it got the media coverage it did; it probably caused needless stress to many.

    In fairness to the media, though, who'd have thought that third-world blackmailing criminals would have said something that wasn't true?