An online database purportedly allowing Ashley Madison customers to check if their details were leaked, along with 32m others, has spammed users with fear-mongering emails and adverts for a private investigator.
The database at trustify.com has since stopped sending unsolicited messages to its users but not before the emails caused a stink on social media. Messages were sent not just to users who checked their own emails but also to those who had their addresses checked by partners or a third party.
"You or someone you know recently used our search tool to see if your email address was compromised in the Ashley Madison leak, and we can confirm your details were exposed," the emails explained before following up with the message: "Talk with one of our experienced investigative consultants to learn how you can find out what incriminating information is available and could ruin your life."
Some emails were sent out saying "Your boss might know" in the subject header. If the email address did not match up with the list, Trustify prompted users on its site to search again saying: "It is possible that another email address that you or the person in question uses has been compromised and you may want to search for additional accounts."
The debacle surrounding trustify.com and Flimflam investigations, the investigation company it is advertising, has been surmised up by Troy Hunt, a Microsoft security developer, who has supplied his own Ashley Madison data checking service at haveibeenpwned.com.
Hunt writes on this his blog: "Keep this in mind before using a service like this: every search you do is contributing to their marketing database of potential customers built up without consent.
"Trustify is recording searches and spurring inquiries for paid investigations," he added.