Do not trust links claiming to contain stolen Ashley Madison usernames and passwords because they are malware scams
Ever since the online adultery website, Ashely Madison was hacked there have been numerous claims made by the scammers that they have access to the user ids and passwords of 37 million Ashley Madison customers. With the rapidly increasing number of websites claiming to have Ashley Madison users and their hacked downloaded data, investigations were made by BBC to find out if they were real or fake.
On investigation, BBC found out these were spam links that involved fake data, malware and scam pages. A few files were placed with images and videos of people who commit adultery “burning in hell”.
Many of the download links on sites like Pasetbin, Slexy, or other sites known to share such data are fake as discovered by the BBC. Almost all the posts claiming to have access to the Ashley Madison user data have tempting titles such as “Ashley Madison hacked 25,000 accounts” or “Ashley Madison hacked account 100,000? or “Unbelievable Ashley Madison Hacked Ids Revealed” or “1.2 million Ashley Madison recently hacked passwords and usernames!” contain links to email addresses and passwords that have been circulating online since 2011 and have no links whatsoever with Ashley Madison.
Brian Krebs, a computer security blogger who had uncovered the attack on the Ashley Madison site had verified some of the data stolen by Impact Team, the group behind the hack.
At that time, the Impact Team leaked a small amount of information from the Pastebin website and claimed that they would leak the remaining data they have access to unless and until Ashley Madison is shut down by Avid Life Media.
ALM quickly got the links shared by the hackers removed and since then, no subsequent instances caches of such data have been leaked by Impact Team.
To fill this void, lots of links falsely professing to have stolen data on sites such as Slexy, Pastebin and other sites have been put by spammers and cyber frauds. On visit to several of these pages by BBC, it turned out that they are fake and ridden with malware.
On one hand, a range of coding tricks made it difficult for the visitors to close the webpages and pop-up warning messages that run amok on such websites. While on the other hand, there were links that led to webpages that malware traps with fake security software that told visitors that their machine has been detected with virus or had some other problems.
The website states that to get this non-existent problems with the victims PCs resolved, it required downloading of some software and paying a fee. However, no data that contained any files of Ashley Madison were found on these webpages.
Before getting a hold of the data, visitors also came across links leading to pages that were survey forms, or watching videos or registering up for an expensive mobile game.
BBC downloaded some small and hundreds of megabytes in size files that claimed to have more details in them compared to others. On opening the files, it was found out that they were filled out with images, videos and text stolen from a religious site that describes in an extremely unpleasant way of what happens to “sinners, adulterers and fornicators in hell”.
Additionally, in order to give attackers remote access to steal more data, these files contained malware that tried to install itself on a Windows PC.
Jereon Vader, who is in charge of running the Pastebin website said that they were “aware” that fake Ashley Madison data was being put up on a large scale on the site.
“Spammers will always try to abuse any trend to get some free exposure, and this Ashley Madison leak is no exception,” he said. “It is hard for us to remove everything, but we do actively search for such posts.”