Hackers are already capitalizing on the massive data dump that left 32 million Ashley Madison users exposed.
On Tuesday, hackers released the private information of customers who’d used the online service, which connects people seeking to have affairs.
By Friday, extortionists had begun targeting some of those users.
Rick Romero, an IT specialist who runs an email provider called VFEmail, uncovered spammers trying to use the service to target victims of the Ashley Madison hack.
People can use VFEmail to create a free email account. Romero said it’s not uncommon for spammers to sign up to send bulk emails. Friday morning, he said his spam filter flagged a series of mass emails sent to Ashley Madison victims, first reported by Krebs on Security.
“Unfortunately your data was leaked in the recent hacking of Ashley Madison and I now have your information,” the extortion email read.
The group requested one bitcoin (around $225) to prevent the information from being shared with the user’s significant other.
The message said users have seven days before being exposed.
“It looked like they attempted to send about 1,500 or 2,000 [messages] through my service,” Romero told CNNMoney. “They probably filtered the database for recent log-ins.”
While Romero’s filter prevented many of these emails from going out, he estimated that around 500 were sent before the filter was activated.
It’s the latest fallout from the security breach. Much of the stolen database, which was initially posted on the dark web (which is accessible through a special browser called Tor) has made its way to the open web. Along with extortion, victims risk identity theft, as many personal details like addresses and partial credit card information are now available.