Information Technology Services (ITS)

Ashley Madison Phishing Advisory

Published on: August 25, 2015

Ashley Madison Phishing Advisory

Due to the ongoing reports and developments related to the Ashley Madison user data breach, we would like to advise our community about potential scenarios they may encounter.

Over 36 million records of registered users have been leaked online, including information such as names, addresses, phone numbers, financial transactions with the Ashley Madison site and other personal preferences associated with the service.

This information could be exploited by cyber criminals in many ways, including sending spam, phishing and possibly blackmail messages to potential victims of the leak or people who may not at all be associated with the site, but who are led to believe that their information is in fact out in the open.

We advise our community to be on the lookout for any threatening email messages, which may slip through the spam filters that have anything to do with Ashley Madison, or that imply connection to the service.

If you encounter a message of this nature, it could contain malicious attachments or extortion tactics. We ask our users to delete these messages immediately at the office or at home.

If you already received a message of this nature and took action by opening any attachments or clicking on links, please get in touch with your local Help Desk for further assistance.

Advisory Update: [August 28, 2015]

Since further developments re: Ashley Madison data breach, it has come to our attention that in addition to passwords and other sensitive data, password recovery questions may have also been released. These questions may include, but are not limited to:

What is your mother’s maiden name?
What is the name of your High School?
What is your favourite Sports Team?
What is the last 4 digits of your SSN?

As such answers typically do not change throughout a person’s life, in addition to users changing their passwords, they should also consider changing their secret questions if they have re-used them for other online services.