Even though five months have passed since the cyberattack on Ashley Madison's website by a group calling itself "The Impact Team", users are still at risk. Blackmail letters are reportedly being sent to users threatening to reveal their membership on the adultery website to their family and friends.
Security expert Graham Cluley says he has received a 'steady stream of emails from users worried about their personal lives. "I can understand how it would be distressing for Ashley Madison members to receive a letter like that through the post, but I'm strongly of the opinion that – in the majority of cases – blackmailers are trying their luck, hoping that a small percentage of those targeted will pay up."
But paying the ransom money will not help users anyway, he believes, and advises users to ignore such letters sent by the blackmailers. Instead, Cluley urges users to share the letters with authorities requesting their discretion.
Unless the blackmailers send something concrete "as opposed to email" that users can produce as physical evidence, police cannot carry out further investigations. Speaking to BBC, Cluley said, "If you pay up, there is no guarantee that the blackmailer won't ask for more."
Cluley said he has received at least "half a dozen" notes from Ashley Madison users who have received such threatening mails. But what is new is the blackmailers are now sending letters through the postal system. He still believes it is unlikely that the original hackers are sending out these letters.
"Typically they like to cover their tracks. This is more likely to be opportunists who have got their hands on the data," he added.
While citing that hack-mailing would become a common threat in 2016, Cluley said, "Increasingly we will see hackers stealing companies' databases and then demanding cash to stop them exposing the data on the dark web."