Avid Life Media (ALM), the parent of hacked dating site Ashley Madison, has offered a CAD $500,000 (AUD $524,764) reward for information leading to the Impact Team hackers.
The offer was revealed by Toronto Police superintendent Bryce Evans at a press conference in Toronto broadcasted on YouTube on Monday. It came amid the first unconfirmed suicides that may be linked to the leaked database.
“As of this morning we have two unconfirmed reports of suicides that are associated because of the leak of Ashley Madison’s customer profiles,” said Evans.
Evans appealed to “the hacking community” to come forward with information they may have gleaned on the ‘dark web’ where Impact Team leaked Ashley Madison database of over 30 million users last week.
“To the hacking community who engage on discussions on the dark web and who no doubt have information that could assist in this investigation, we are also appealing to you to do the right thing… You know the Impact Team has crossed the line,” said Evans.
Detective John Menard, from Toronto Police’s technological crime unit, clarified it was looking for help from “white hackers”.
“You’re looking at the Impact Team who are sort of operating in the dark web and areas of the internet that we don’t necessarily police on a daily basis,” said Menard who described the attack as “very sophisticated”.
As of last week the US Department of Homeland Security and the FBI have also joined the investigation alongside Canada’s Ministry of the Attorney Generals Criminal Law Office and the Royal Canadian Mounted Police.
Evans also revealed Avid Life Media discovered the breach on July 12 after employees arrived at work and turned on their computers to find “a threatening message” pop up on their screens “accompanied by the song Thunderstruck by AC/DC”.
ALM confirmed the breach to the public on July 19 after Team Impact leaked portions of the files. Today’s plea for help comes a month after ALM chief Noel Biderman said it was near to confirming who it believed the culprit was.
Evans said there was no criminal wrongdoing by ALM and that it would conduct a “vigorous and thorough” investigation despite people who take offence to Ashley Madison.
The Ashley Madison hack is seen as a landmark breach due to the sheer volume of personal records exposed and the fact they’re linked to a hook-up site dedicated to married people.
Australian security researcher Tory Hunt, who runs the haveibeenpwned breached password checker, said he’d been “inundated with email” from people affected by the leak and that they weren’t concerned about exposed financial information despite that being the focus of Avid Life Media’s statements to date.Read more: The week in security: Hackers hack the hackers as Hacking Team falls
Evans gave a similar assessment of the breach, distinguishing from hacktivist attacks on government websites or stolen credit card data.
“This type of a hack is different to most because the previous ones we’ve witnessed… This one has victimised innocent people through a company’s profile,” he said.
The leaked list has also given rise to a number of scams aimed at blackmailing victims of the breach. Evans pointed to examples of emailed threats to expose users to their families via Facebook unless they paid $300 in Bitcoin. He also warned against paying for services that offer to purge exposed profiles from the web.
“Multiple sites are now been downloaded and they are present. Nobody is going to be able to erase that information,” he said.
“We now have hate crimes that are a result of this," Evans continued. “This is not the fun and games that have been portrayed [in the media]… This is reality, this is affecting all of us.”
Want to know more?
Why not become a CSO member and subscribe to CSO's mailing list.
Get newsletters, updates, events and more right here