Celebrities caught in plastic surgery hack as 25,000 naked photos held for ransom online

'Before and after' photos stolen from clinic records found on the Dark Web in a searchable format.

More than 25,000 images were leaked from the surgery clinic Istock

Hackers have obtained and published more than 25,000 naked pictures and other personal information from patients, including celebrities, of a Lithuanian plastic surgery clinic. The records, now searchable on the Dark Web, have already resulted in ransom demands and blackmail attempts.

The files from the hacked clinic, called Grozio Chirurgija, contains a 'celebrity' section with a list of names from Lithuania, Denmark and other European countries. There were no British or US names on the list.

Upon analysis, entries have a 'preview' option that shows patient backgrounds. Other data, which IBTimes UK is not linking to, includes email addresses and phone numbers.

Advertisement

Local police said hundreds of "before and after" images were released in March this year and the rest of the database was published this week (30 May).

The full leak reportedly includes the personal information of more than 1,500 British citizens – who can "pay" to remove their data.

Lithuanian media reported the hackers previously demanded victims pay up to £1,700 (£2,200) to ensure their records, including passport scans and national insurance numbers, are taken offline.

The full scope of victims remains unclear, however law enforcement revealed "dozens" have reportedly been blackmailed.

'Clients, of course, are in shock,' said Jonas Staikunas, Grozio Chirurgija director, who refused to pay an initial ransom demand of 300 Bitcoin (£500,000).

"I would like to apologise. Cybercriminals are blackmailers. They are blackmailing our clients with inappropriate text messages," Staikunas added.

On the website hosting the leaked files, a statement read: "A lot of people paid us to delete their data prior to this release, so we have lowered full package price. It is now for sale for only 50 Btc [Bitcoin].

Advertisement

"It's only up to you to decide how much longer will you keep this going.

"Price is really low now. Will you have enough ego to stop this or will you continue lying to your clients?" On a 'contact' page, it added: "If you feel frustrated because of this, please contact company owners. They were dealing with this data in highly irresponsible manner."

The hackers did not immediately respond to a request for comment.

On its website, the clinic warned clients not to open or download any messages received from the blackmailers or unknown contacts and urged anyone impacted to provide their experience to the police. It claimed to have enlisted cybersecurity experts and law enforcement to probe further.

Advertisement
Screenshot from Lrytas.TV, Lithuanian media outletLrytas.TV/Screenshot

'It's extortion. We're talking about a serious crime,' said Andzejus Raginskis, deputy chief of Lithuania's Criminal Police Bureau during a press conference.

According to MailOnline, the hack is linked to a group known as "Tsar Team", which broke into the clinic's servers earlier this year.

If so, the same collective is known by many names in the cybersecurity community, including: APT28, Fancy Bear, Pawn Storm and Sednit.

Traditionally, APT28 targets large businesses, government and military groups. As such, there is little real evidence at the time of writing linking this team – previously linked to the hack at the Democratic National Committee (DNC) last year – to the Grozio Chirurgija incident.

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.