The Ashley Madison hack, which exposed email and other personal information of thousands of the adultery service's users, is leading to a range of online fraud.
Consumers should be on guard against a number of scams, said Bryce Evans, acting staff superintendent of the Toronto Police Service, in a Monday press conference to discuss the hack. Those include websites that promise to provide access to the leaked client names but instead deliver malware, as well as outright extortion by fraudsters seeking to capitalize on the potential embarrassment of people who had registered with Ashley Madison.
"Criminals have already engaged in online scams by claiming to provide access to the leaked website. By clicking on the links, you are exposing your computers to malware," he said.
The fallout comes after hackers last week exposed about 32 million names, emails and physical addresses of people who had signed up for Ashley Madison, which helps married people arrange extramarital affairs.
The hackers, who call themselves the "Impact Team," are now the focus of an investigation that so far has involved authorities in Canada, where Ashley Madison's parent company is based, as well as U.S. agencies including the FBI and the Department of Homeland Security.
Ashley Madison's parent company, Avid Life Media, is offering a $500,000 reward for information that leads to the arrest of the people behind the hack, the Canadian police said on Monday.
While Evans didn't disclose details about the investigation during the press conference, he warned consumers about the widening impact of the hack. Criminals are also running extortion scams, telling people that they can erase their names on the list in exchange for payment. One email that was highlighted by security expert Brian Krebs asked for 1.0000001 Bitcoins, or about $225.
People who are victims of extortion attempts should contact law enforcement, Evans added. "Nobody is going to be able to erase that information," he said.
The police also confirmed that some credit card information was released, although that may have only included the last four digits of customers' cards. Ashley Madison clients should check their credit card statements and take steps to protect themselves if they believe their accounts are compromised, he added.
"Team impact, I want to make it clear to: Your actions are illegal and will not be tolerated," Evans added. "This is your wakeup call."
There are two unconfirmed suicides that may be linked to the hack, Evans said. While he didn't provide details about the deaths, the Daily Mail reported that a Texas police chief took his life after his official email account was reportedly linked to an Ashley Madison account.
Evans noted that some consumers may be offended by the service offered by Ashley Madison, but that it has no bearing on the investigation, which has found no wrongdoing on the part of Avid Life Media. The activity of the hackers, on the other hand, he said, "is clearly criminal in nature."
"This has resulted in enormous social and economic fallout," Evans said. "You are talking about families, their children, their wives, their male partners. Imagine going home and people talking about this at the dinner table. We have hate crimes that are a result of this. This is not the fun and games that have been portrayed."