The hacker collective LunaLock has introduced a new twist to the classic extortion playbook, preying on the fears of artists and their clients. On August 30, the site Artists&Clients—a platform connecting independent illustrators with commissioners—was defaced with a chilling message: the attackers claimed to have stolen and encrypted all of its data. They threatened to release the site’s source code and users’ personal details on the dark web unless the owner paid $50,000 in cryptocurrency. Yet their sharpest weapon of intimidation was the prospect of handing over stolen artworks and personal information to companies training AI models, thereby feeding them into datasets for machine learning.
A ransom note with a countdown timer warned that files would be made public if payment was not made. The attackers further threatened legal repercussions, citing potential GDPR fines and other regulatory violations. Payment was demanded in Bitcoin or Monero. Screenshots of the note quickly spread across social media, and the ransom page itself was briefly indexed by Google, after which Artists&Clients went offline—visitors now encounter a Cloudflare error when attempting to access the platform.
The attackers’ message bore the familiar hallmarks of standard ransom demands. What was new, however, was the explicit threat to funnel stolen artworks into AI training pipelines. Experts noted this was the first documented case of such leverage: while the possibility had been theorized before—criminals assessing stolen data to gauge ransom amounts—never had it been wielded so directly. On a platform like Artists&Clients, where copyrighted artworks are at the core, this tactic strikes particularly deep, intensifying the pressure on victims.
How the attackers might actually deliver the stolen art to AI developers remains unclear. They could simply post the images on a public site, waiting for model crawlers to harvest them, or directly upload the data into AI services whose policies allow user-generated content to be incorporated into training. Regardless of method, the mere threat galvanizes the community of artists and clients to pressure the site’s administrators into paying ransom in order to preserve control over their creations.
For now, Artists&Clients remains inaccessible, while users continue to circulate screenshots and discuss the extortion across online forums—ironically amplifying the attack’s visibility and impact.
