Two suicides are reportedly linked to the hacking of infidelity website Ashley Madison, say police, and the site's founders are offering a $500,000 reward to catch the hackers.
"Today I can confirm that Avid Life Media is offering a $500,000 (£318,000) reward to anyone providing information that leads to the identification, arrest and prosecution of the person, or persons, responsible for the leak of the Ashley Madison database," said Toronto Police acting staff superintendent Bryce Evans.
Flanked by members of the US Department of Homeland Security and Ontario police, Evans said during a press conference at Toronto Police headquarters that the Canadian-based website is working with law enforcement agencies around the world to protect more than 37 million customers.
Toronto Police received a call on 24 August indicating a recent suicide is linked to the hack. "This case has enormous economic and social fallout," said Evans. San Antonio Police Captain Michael Gorhum apparently took his own life last week when his official email address was revealed to be among the trove of user email addresses released in the hack.
Details of the site's millions of users — including email addresses, home addresses, and other identifiers — were dumped on 19 August in a nearly 10-gigabyte data file online.
Evans said that the company became aware of the cyberattack on 12 July when Avid Life Media employees turned on their computers when they arrived at work to find a threatening message accompanied by the AC/DC song Thunderstruck. The message identified the hackers as Impact Team. "The actions of these hackers is clearly criminal in nature. This hack is one of the largest data breaches in the world," said Evans.
He said that he believed the hackers would take an interest in the press conference and spoke directly to them. "Team Impact. I want to make it very clear to you. Your actions are illegal. We are now doing a serious investigation," Evans continued, adding that other criminals have already capitalized on the hack.
Email addresses from government, military, various public figures, and even the Vatican have been unearthed in the data file.
Evans warned the public to beware of scams that are emerging on the back of the release of user details. Criminals have begun online scams by scooping up the leaked email addresses and then contacting users claiming they can delete their data from the database for a fee or by following a link and entering their personal information. "By clicking on these links you are exposing yourself to adware, spyware," said Evans. "Nobody is going to be able to erase that information."
To avoid extortion he suggested users contact police immediately if they receive a message like this.
Some credit card information belonging to users was released as part of the data dump, including names, billing and home addresses, and transaction records, but not the credit card numbers of customers, said Evans.
It has been difficult to trace the hackers because they used tools to mask identifying sources of information police indicated. An email sent to AVL CEO Noel Biderman was encrypted.
The authorities called it a "highly educated hack" and appealed to the hacking community to "do the right thing" and help them trace the person or persons responsible.
"The social impact behind this leak is enormous, we're talking about families," said Evans. There are hate crimes that are a result of this. This ain't fun and games anymore."