When hackers made public more than 30 million user profiles stolen from the adultery website Ashley Madison last week, they had words of advice for clients of the Toronto company.
Take Ashley Madison to court, said a note accompanying the leak. "Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it."
Moving on hasn't been easy, however. The massive privacy breach has triggered much hand-wringing, two possible suicides, online scams and extortion threats.
"This ain't a funny game any more," Toronto police acting staff superintendent Bryce Evans told reporters Monday.
He said the company is offering a $500,000 reward for information leading to the prosecution of the hackers.
The Office of the Privacy Commissioner of Canada and its Australian counterparts are also investigating the incident.
People fearful of being exposed as adulterers were reflected in the hundreds of queries received every day by Troy Hunt, an Australian web security developer who set up a website to let Ashley Madison clients check if they had been identified.
In an interview from Sydney, Mr. Hunt said he had received 60 new queries in the morning, personal e-mails laced with stress and embarrassment.
"I'm just a guy here with a wife that I really do love, I regret what I did, and I have two beautiful kids that will get sucked into this, too. It's just horrible," said one e-mail.
Criminals are already trying to prey on users. Staff Supt. Evans said there are now websites that purport to verify if someone's data has been leaked but are spreading computer malware.
Toronto police are also investigating blackmail threats. One redacted extortive e-mail released by police sought a payment in bitcoin equivalent to $300, threatening otherwise to share "this dirt with all your known friends and family (and perhaps even your employers too?)."
Staff Supt. Evans said there was no point paying since, following the breach, "nobody is going to be able to erase that information."
The leak will have long-term social and economic impact, he said. "We're talking about families. We're talking about their children. We're talking about their wives. We're talking about their male partners … We now have hate crimes that are results from this."
He did not elaborate. A spokesman for the force, Mark Pugash, would not give more details but said a range of charges could be filed as a result of the investigation, from extortion to fraudulent use of computers.
Staff Supt. Evans also said there were two unconfirmed suicides but would not say where they took place.
On his blog, Mr. Hunt said inquiries he received came from people with limited technical insight, many of whom couldn't even remember if they had visited the site or might have used a different e-mail address.
Others, in a panic, deleted the e-mail account they used to open their Ashley Madison profile and now couldn't use it to verify if they had been exposed.
Another problem were websites that allowed anyone to search the leaked data for anyone else's name or e-mail. One woman told Mr. Hunt she learned her husband's work e-mail was on the list – through a phone call from her church leaders.
Others said they were caught in the mess only after they subscribed to Ashley Madison to check if their spouses were cheating.
Police said the problem started on July 12, when staffers at Ashley Madison's Toronto-based parent company, Avid Life Media, arrived at work, powered their computers and were greeted with heavy-metal music and a threatening message from hackers who call themselves the Impact Team.
The message asked Avid Life Media to shut down two of its dating websites, AshleyMadison.com and EstablishedMen.com, which caters to women trying to hook up with wealthy men.
A week later, the hackers confirmed the breach by releasing the data of two clients, one in Mississauga, Ont., and one in Massachusetts.