Ashley Madison spam starts, as leak linked to first suicide

'Uber for private investigators' accused of harvesting search data

Blackmail

Part of the near-inevitable wash-up from the Ashley Madison hack has begun, with people reporting getting emails offering to save them from embarrassment, and a possible suicide in the USA.

The misery caused by the hack is already in evidence in this report of a San Antonio city employee named in the Ashley Madison database committing suicide (the report notes that at this stage authorities are noting the association but not positively attributing the suicide to the exposure).

Apparently, a company called Trustify that made the Ashley Madison data searchable from a website last week is sending out “you were on the database” emails.

The email says – as The Register feared would happen – that Trustify is capturing searches made against its data:

“You or someone you know recently used our search tool to see if your email address was compromised in the Ashley Madison leak, and we confirmed that your details were exposed”, the message states.

The message then goes on to offer to “hide the exposed details” – but only if the recipient of the message makes contact with Trustify.

Discussion of the “offer” took off on Reddit, with several commenters questioning anyone's ability to hide exposed data. One commenter, claiming to be from Trustify, said the company isn't doxxing anyone, and helpfully added that "I'm going to work with the team on expanding on the messaging".

Over the weekend, The Register asked the Electronic Frontiers Foundation, the Electronic Privacy Information Center, and Electronic Frontiers Australia (EFA) their opinions of the search facilities that are springing up all over the Web.

So far – because it was weekend in America – only EFA has had the chance to respond. In an e-mail response, executive officer Jon Lawrence was critical both of sites collecting search data and of news outlets promoting search sites.

“Whatever the moral issues associated with using the Ashley Madison service, and with their particular business model, the release of this data is clearly a massive invasion of privacy”, Lawrence wrote.

The idea that people brought this on themselves by signing onto Ashley Madison is “a rather callous and simplistic view that imposes an unwarranted moral element to the right to privacy that we reject,” he added.

Security researcher Troy Hunt seems to agree, for those that haven't followed his Twitter stream:

Lawrence added that the EFA fears other abuses of the data will emerge. For example, he said, “we are also alarmed by reports that a real estate data provider is planning to include geographic data sourced from this privacy breach in their search results to provide some form of 'marital happiness rating'.”

For Australians, the EFA notes the picture is particularly bleak, since the worst exposures of data are offshore. Even within Australia, Lawrence said, “this incident highlights the lack of effective legal remedies for Australians that have suffered serious invasions of privacy”, and he called on the government to pursue the recommendations made by the Australian Law Reform Commission last year. ®

Comment

The Register stands by its warning not to trust sites offering unverified searches. If you're searching your own details, you're alerting outfits like Trustify to your concern, and if you check someone else's details, you're exposing them to harassment.

Anybody harvesting incoming search data is creating a brand-new data store, which itself is at risk of leaking with little more than a mistake in the SQL implementation.

Sponsored: Balancing consumerization and corporate control




More from The Register

zuck

Privacy? Watchdogs? Fines? Whatever, nerds, more people than ever are using Facebook and filling its deep coffers

Zuck to Uncle Sam: Go ahead, regulate me, regulate me like the naughty little founder I am
zuckerberg

Cough up, like, 1% of your valuation and keep up the good work, says FTC: In draft privacy deal, Facebook won't have to change a thing

Proposed settlement over Cambridge Analytica brouhaha slammed as ‘a mosquito bite’
Facebook's Calibra digital wallet app

Cyber-IOU notes. Voucher hell on wheels. However you want to define Facebook's Libra, the most ridiculous part is its privacy promise

Comment Digital currency tokens coming to WhatsApp, Messenger next year
Facebook CEO Mark Zuckerberg

Facebook: Not saying we've done anything wrong but... we're just putting $3bn profit aside for an FTC privacy fine

Net income halved as antisocial network preps for big slap
powershell

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints

Direct-to-memory attacks now account for 57 per cent of hacks, apparently
panicked eye with Facebook logo reflected on surface

When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security

'This isn’t a mistake now, this is clearly an intentional product choice' says ex-CSO Stamos

Israel's NSO Group: Our malware? Slurp your cloud backups plus phone data? They've misunderstood

After report claimed its sales pitches boasted of doing that
Flags of US and Iran

Wednesday: Facebook sparks another privacy brouhaha. Thursday: Facebook axes Iranian disinfo bods. Fancy that!

Analysis Never mind these scandals, says social media giant. We're the good guys!

Biting the hand that feeds IT © 1998–2019