Did Ashley Madison talk about hacking a rival?
After the hack and leak of the affair-prompting dating site, there's been another dump of information from The Impact Group. This time, internal emails were included, and it looks like Ashley Madison discussed hacking a competitor.
According to the leak, emails show that in 2012, AM's chief technology officer Raja Bhatia, emailed chief executive Noel Biderman after looking at the security of the new dating section magazine Nerve.com - a publication that looks at sex and relationships and all that. There, Bhatia found some security flaws.
"They did a very lousy job building their platform. I got their entire user base," said Bhatia. "Also, I can turn any non-paying user into a paying user, vice versa, compose messages between users, check unread stats, etc." Included was a link to a Github archive, with a sample of the database.
However, Ashley Madison say that these messages are being taken out of context. They say that this discovery was part of "due diligence" which was undertaken in the run-up to a proposed partnership between the two. Six months after this conversation, Bhatia emailed Biderman to see if he should "tell them of their security hole", to which Biderman didn't reply.
In a statement, AM’s parent company Avid Life Media said the emails were "taken out of context" and that the interpretation that Bhatia had hacked Nerve was "incorrect and unfortunate". It continued: "Nerve was exploring strategic partnerships in May of 2012 and reached out to Noel to determine Avid Life Media’s interest in the property. At the time Noel did not act on that opportunity."
"In September PTC Advisors, representing Nerve, contacted Noel and provided a more detailed brief on the opportunity. This communique was followed by a number of conversations. Subsequently Noel contacted Raja Bhatia and asked for his assistance in conducting technical due diligence on the opportunity. This activity, while clumsily conducted, uncovered certain technology shortcomings which Noel attempted to understand and confirm."
"At no point was there an effort made to hack, steal or use Nerve.com’s proprietary data."
While this is all well and good, Ashley Madison have been incredibly slow and unforthcoming about this whole affair (pardon the pun). It certainly seems that this mess isn't going away any time soon.