Scammers have found a new way to wring money out of unsuspecting victims of the 2015 breach of the Ashley Madison affair-dating website, by using their stolen credentials in an amped-up version of the common "sextortion" scam.

Researchers at email security company Vade Secure found the new scam earlier this year, when they saw a small number of targeted emails with apparent information from Ashley Madison breach victims. The scam emails seemed to be well researched, with not just the users' email addresses but information like when the victim signed up, their username, and their interests they entered on the site, said Adrien Gendre, chief product officer for Vade Secure.

The threats are a worrying evolution of the sextortion scam because they appear to incorporate real information.

In the most typical version of sextortion, fraudsters make dubious, fictional claims about you via email. They say they've recorded you in a compromising position through your computer or that they have pictures of an alleged affair you are having. In those cases, the criminals blast out thousands of similar-sounding emails in hopes of persuading just one person to fall for the trick and make a requested extortion payment. The recordings and affairs are almost always nonexistent.

But in the new Ashley Madison cases, Gendre said the scammers are using carefully selected information that appear to be from real Ashley Madison subscribers, and piecing that information into more precisely targeted emails to those individuals. The ransomers then demand around $1,000 in bitcoin to keep the information silent. The grain of truth to their pitch sets the scam apart.

Gendre said he's particularly concerned because the Ashley Madison breach affected individuals with corporate and government email addresses, which could make them particularly susceptible to paying the bribe. Vade is not able to observe how many people have paid the attackers, Gendre said.