A former Ashley Madison senior executive allegedly accessed a rival dating firm's database, including its complete list of users, according to US media reports of emails released in the latest hacking leak surrounding the adultery website.
Emails reportedly sent from its founding Chief Technology Officer, Raja Bhatia, told colleagues that he had uncovered a security hole in Nerve.com, an American online magazine dedicated to sexual topics, relationships and culture, and used it to access the competitor’s entire database. Mr Bhatia also reportedly suggested he had the ability to download and manipulate records in the database.
“They did a very lousy job building their platform. I got their entire user base,” Mr Bhatia is alleged to have emailed Noel Biderman, CEO of Ashley Madison’s Canadian-based parent company Avid Life Media (ALM) and Rizwan Jiwan, the company’s Chief Operating Officer in November 2012.
The email is further alleged to claim: “Also, I can turn any non-paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.”
The best, worst, and most unusual dating sites
The best, worst, and most unusual dating sites
1/18 Clown Dating
"It's no fun looking for love when you're a clown, behind all the make-up and the red nose is a lonely heart. Clowns are unique entertainers loved by some yet feared and hated by others. Luckily Clown Dating is here to help."
2/18 Dead Meet
"A dating networking site for death industry professionals"
"Tinder is the fun way to connect with new and interesting people around you. Swipe right to like or left to pass. If someone likes you back, it’s a match!"
4/18 Plenty of Fish
The largest dating site has over 90 million users
5/18 Ashley Madison
Ashley Madison "offers services to married folks looking for something on the side". It already has over a million members, as chief executive Noel Biderman said that British adults were most likely to have an affair than in other comparable countries
6/18 Sea Captain Date
Sea Captain Date website claims to be the only place for Sea Captains to connect with men and women who share a love of the ocean
Those on a more serious quest for love tend to choose the UK’s largest dating site for professionals such as E-Harmony, which has a huge list of compatibility criteria on which it pairs its users
8/18 Feet Dating
The cybersphere also boasts a plethora of dating sites for those who want to tailor their sexual fetishes like Feet Dating ("to please everyone who has a foot fetish")
9/18 Guardian Soulmates
"Soulmates community features thousands of smart, modern, independent people who are worth getting to know"
10/18 Singles with Food Allergies
The founder claims that dating can be a nightmare for those who suffer severe reactions, since popular venue choices so often include food and drink
11/18 Herpes Dating Service
"Living with HSV is something that initially may take some psychological adjustment for some patients. It does not mean the end of your sex life or that you will need to remain unmarried for the rest of your life."
Probably one of the most popular choices for tech-dating newbies
13/18 Miss Travel
Miss Travel website asks users to select from two options "attractive" and "generous", and pairs wealthy globe-trotters with hot companions
14/18 Pensioner Dating
Pensioner Dating offers a forum for "older people who want to meet new friends and companions"
Singleparents.ie is "Ireland’s number one dating site for single moms and dads"
16/18 S&M Dating
S&M Dating describes itself as a site for "beginners to the S&M and BDSM devotee"
17/18 Sugar Daddie
On the site, it says: "Sugardaddie.com is a high quality dating site for successful men who have financial security and confidence and attractive single women."
18/18 Uniform Dating
With more than 135,000 active users, Uniform Dating says each of their users receives an average of 22 winks and flirts each month
In May 2013, Mr Biderman reportedly asked whether he should tell the rival company about their vulnerability.
“Should I tell them of their security hole?” he emailed Mr Bhatia whose response, if he gave one, is not among the leaked emails. It is unclear if ALM did disclose the vulnerability.
The Independent has approached Mr Bhatia, who was CTO from 2007 to 2010, and Avid Life Media for comment.
The purported emails from Mr Biderman run from January 2012 to 7 July 2015 — less than two weeks before hackers calling themselves the Impact Team publicised their infiltration with a warning to ALM it had one month to take down its infidelity websites. The hackers released details of 37 million Ashley Madison customer accounts last week in the first wave of an enormous data dump published on the ‘dark web’.
Toronto Police revealed at the weekend Ashley Madison employees discovered the breach on 12 July when they turned on their computers only to find their screens filled with a diatribe from the Impact Team with AC/DC’s Thunderstruck playing in the background.
Ashley Madison has refused to confirm the legitimacy of the hacked data. It condemned the “criminal breach” and has offered a $500,000 reward for information leading to the arrest and prosecution of those responsible. Two recent suicides have been linked to the hacking while at least five law suits have been filed by customers seeking more than $500m damages for “emotional distress” suffered.
In a statement given to Vice, ALM said that the Biderman emails were “taken out of context” and that the interpretation that Mr Bhatia had hacked Nerve was “incorrect and unfortunate”.
It said: “Nerve was exploring strategic partnerships in May of 2012 and reached out to Noel to determine Avid Life Media’s interest in the property. At the time Noel did not act on that opportunity. In September PTC Advisors, representing Nerve, contacted Noel and provided a more detailed brief on the opportunity. This communique was followed by a number of conversations. Subsequently Noel contacted Raja Bhatia and asked for his assistance in conducting technical due diligence on the opportunity.
“This activity, while clumsily conducted, uncovered certain technology shortcomings which Noel attempted to understand and confirm. At no point was there an effort made to hack, steal or use Nerve.com’s proprietary data.”
Brian Kerbs, the IT security expert who revealed the Ashley Madison hack, wrote on his blog: “As bad as this breach has been for Ashley Madison and its millions of users, it’s likely nowhere near over.”
He cited further “sensitive information” within Mr Biderman’s email inbox including a 100-page movie script he co-wrote called ‘In Bed With Ashley Madison’ and his income statements from the last four years.
The Impact Team has also not yet released data from Establishedmen.com, the other ALM adult dating website property it claims to have hacked. It describes itself as a “sugar daddy” site connecting wealthy men with willing young women.Reuse content