She is 33 years old, from Los Angeles, 6 feet tall, sexy, aggressive, and a “woman who knows what she wants,” according to her profile. She is intriguing. However, her intrigue doesn’t end there: her email address is one of Trend Micro’s email honeypots. Wait … what?

This was how we learned that Ashley Madison users were being targeted for extortion online. While looking into the leaked files, we identified several dozen profiles on the controversial site that used email addresses that belonged to Trend Micro honeypots. The profiles themselves were quite complete: all the required fields such as gender, weight, height, eye color, hair color, body type, relationship status, and dating preferences were there. The country and city specified matched the IP address’s longitude/latitude information. Almost half (43%) of the profiles even have a written profile caption in the home language of their supposed countries.

An event like this can leave multiple questions, which we answer below:

What is a honeypot?

Honeypots are computer systems designed to attract attackers. In this case, we have email honeypots designed to attract spam. These email honeypots just sit there, waiting for emails from questionable pharmacies, lottery scams, dead Nigerian princes, and other sorts of unwanted email. Each honeypot is designed to receive, it does not reply, and it most certainly does not enroll itself on adultery sites.

Why was your honeypot on Ashley Madison?

The simplest and most straightforward answer is: somebody created the profiles on Ashley Madison using the honeypot email accounts.

Ashley Madison’s sign up process requires an email address, but they don’t actually check if the email address is valid, or if the user registering is the actual owner of the email address. A simple account activation URL sent to the email address is enough to verify the email address ownership, while a CAPTCHA challenge during the registration process weeds out bots from creating accounts. Both security measures are absent on Ashley Madison’s site.

Read the article “Ashley Madison, Why Do Our Honeypots Have Accounts on Your Website?” on blog.trendmicro.com.