A former senior executive at Ashley Madison allegedly accessed a rival dating firm's database, apparently obtaining information on users, according to emails released in the latest hacking leak surrounding the adultery website.
Emails reportedly sent by Ashley Madison's founding chief technology officer, Raja Bhatia, informed colleagues that he had uncovered a security hole in Nerve.com, an American online magazine dedicated to sexual topics, relationships and culture, and used it to access the competitor's entire database.
Bhatia also reportedly suggested he had the ability to download and manipulate records in the database.
“They did a very lousy job building their platform. I got their entire user base,” Bhatia is alleged to have emailed Noel Biderman, CEO of Ashley Madison's Canadian-based parent firm Avid Life Media (ALM) and Rizwan Jiwan, the company's chief operating officer in November 2012.
The alleged email continued: “Also, I can turn any non-paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.” Bhatia was chief technology officer at ALM from 2007 to 2010, and was still associated with the firm when these emails were sent.
At the time, Bhatia was considering investing around $20m in the rival website but he and Ashley Madison ultimately declined to do a deal.
In May 2013, Biderman reportedly asked if he should tell the rival company about their vulnerability. “Should I tell them of their security hole?” he emailed Bhatia, whose response, if he gave one, is not among the leaked emails. Bhatia could not be reached for comment.
The purported emails from Biderman run from January 2012 to 7 July 2015 – less than two weeks before hackers calling themselves the Impact Team publicised their infiltration with a warning to ALM it had one month to take down its infidelity websites.
The hackers released details of 37 million Ashley Madison customer accounts last week in the first wave of an enormous data dump published on the “dark web”. Two suicides have been linked to the hacking. In a statement, ALM said the Biderman emails were “taken out of context” and the interpretation that Bhatia had hacked Nerve was “incorrect and unfortunate”.
It said: “Nerve was exploring strategic partnerships in May of 2012 and reached out to Noel to determine Avid Life Media's interest in the property. At the time Noel did not act on that opportunity. In September PTC Advisors, representing Nerve, contacted Noel and provided a more detailed brief on the opportunity. Subsequently Noel contacted Raja Bhatia and asked for his assistance in conducting technical due diligence.
“This activity, while clumsily conducted, uncovered certain technology shortcomings which Noel attempted to understand. At no point was there an effort made to hack, steal or use Nerve.com's proprietary data.”
The Impact Team has not released data from Establishedmen.com, the other ALM dating website it claims to have hacked. That site describes itself as a “sugar daddy” site connecting wealthy men with willing young women. – Independent