When adult infidelity site Ashley Madison was breached back in July, as many as 37 million users were exposed to risk. Four months later, Ashley Madison members are still feeling the impact of the breach, as an increased volume of spam is targeting them.
According to email security firm MailChannels, the volume of spam and phishing emails being sent to email addresses stored in the Ashley Madison database is significantly higher than spam volumes sent to a random sample of addresses.
MailChannels, which has a cloud email delivery service, analyzed its email logs for billions of messages to make the comparison between spam volume sent to a control group of randomly selected email addresses and spam volume sent to Ashley Madison users. Since the breach occurred, MailChannels analysis shows that email addresses from the Ashley Madison database tend to get double the volume of spam emails that the control group receives.
The spam being sent to Ashley Madison users’ email addresses isn’t entirely random and untargeted either. MailChannels found that spammers are customizing the subject lines to make the topics more pertinent to the Ashley Madison users. Email subject lines include removal services to help users get their personal information removed from online sites.
While Ashley Madison users are getting targeted messages, they are also still getting much of the same untargeted spam that the MailChannels control group of email addresses is receiving.
The continued risk that Ashley Madison users are exposed to is not a surprise and was one that eWEEK predicted back in July when the breach was first disclosed. According to MailChannels, the Ashley Madison breach has been a big windfall for spammers in 2015.
“Definitely the major email-related breach this year was Ashley Madison,” MailChannels CEO Ken Simpson told eWEEK. “The nature of the Ashley Madison Website as a hooking up place for cheating spouses exposes its users to a wide range of extortion and fraud that we don’t feel users of other types of sites would be susceptible to.”
The Ashley Madison breach isn’t the only one that has led to an increase in email threats to users. A breach of the Patreon charity Website also exposed users to extortion attempts from scammers threatening to reveal personal information unless a payment is made. Patreon disclosed that it was breached on Sept. 30, exposing personal information on more than 2 million contributors.
Overall though, having an email address in a breached database of any type isn’t a good thing.
“If what we found from our analysis of Ashley Madison’s email list is true in other breaches, simply being involved in any breach will expose you to a greater level of spam and fraud of all types,” Simpson said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.