Reports have been released of a cyber crime group offering stolen cosmetic procedure photos of celebrities as part of a new extortion campaign.
The UK National Cyber Security Centre (NCSC) has issued a warning about the group calling itself “The Dark Overlord” who have leaked images to media in order to receive ransom payments from the celebrities portrayed in the photos. According to news reports, a selection of photos to have been published across third party websites, but have since been deleted.
Images secured during the celebrity hacks allegedly contain before and after images of procedures including gender reassignment surgery, plus documents including insurance claims.
Celebrities involved include former model Katie Price and reality star Chloe Sims, who have allegedly been targeted through direct messages via the Dark Overlord’s anonymous Twitter account.
The infamous group’s media operations were first reported in 2016, since then, two arrests linked to the group have been made in Serbia and in the UK, including a man who had previously hacked Pippa Middleton’s iCloud account.
In 2017, the group hacked the database of the London Bridge Plastic Surgery (LBPS) clinic, stealing data including photos of breast augmentation and genital modification, demanding payment in order for them to remain unpublished.
This latest breach seems to be a continuation of their 2017 hack, as the group have claimed that the new threats are a by-product of the 2017 hack but the clinic has confirmed they haven’t been the victim of any new leaks.
The group said in their Tweets “We hacked @LBPSPlasticsurg previously. Clients @FrankieEssex and @Chloe_Sims contact us before your surgery photos become public. Bad timing for you now.”
In light of this latest leak, the LBPS clinic confirmed there has been no new hacking incidents since its 2017 leak. “We continue to liaise with the cyber crime unit of the Metropolitan Police, whose investigation is ongoing, and we also worked closely with the Information Commissioner’s Office,” said a clinic spokesperson. “And we’d like to reiterate, and reassure patients, that there has been no new data breach since the intrusion in 2017. “We have taken further extensive and robust measures to increase our security in order to protect patient data. Once again, we are saddened by news of the latest threats and we condemn the actions of the individuals responsible.”
A statement issued by London Metropolitan Police Service has said “We are aware of a cyber hacker using the name ‘The Dark Overlord’. No recent activity has been reported. No reports of any data theft have been received.”
For more news, subscribe to our weekly newsletter.