Ashley Madison Allegedly Wanted To Execute A Hack Of Their Own On A Competitor

Much has been learned since the data taken during the Ashley Madison hack was released online for all to see. We’ve come to find out a bit about some of the more notable clients on the site, but now we’re getting a bit about the site’s alleged activities and executives. The company behind the site has already put out a bounty on the hackers behind the leak, but the damage has been done, it would seem.

One claim making the rounds now is that a former Ashley Madison executive assisted in hacking a competing site after finding a vulnerability — much in the same way that Ashley Madison was hacked (meaning you should probably blame Ashley Madison for their troubles). Brian Krebs of Krebs Security details the apparent act:

A review of those missives shows that on at least one occasion, a former company executive hacked another dating website, exfiltrating their entire user database. On Nov. 30, 2012, Raja Bhatia, the founding chief technology officer of AshleyMadison.com, sent a message to Biderman notifying his boss of a security hole discovered in nerve.com, an American online magazine dedicated to sexual topics, relationships and culture.

At the time, nerve.com was experimenting with its own adult dating section, and Bhatia said he’d uncovered a way to download and manipulate the nerve.com user database.

“They did a very lousy job building their platform. I got their entire user base,” Bhatia told Biderman via email, including in the message a link to a Github archive with a sample of the database. “Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.”

There’s much more over at Krebs Security, especially details about the initial moments of the hack on Ashley Madison and what greeted the workers as they signed on to their computers:

The cache of emails leaked from Biderman run from January 2012 to July 7, 2015 — less than two weeks before the attackers publicized their break-in on July 19. According to a press conference held by the Toronto police today, AshleyMadison employees actually discovered the breach on the morning of July 12, 2015, when they came to work and powered on their computers only to find their screens commandeered with the initial message from the Impact Team — a diatribe accompanied by the song “Thunderstruck” from rock band AC/DC playing in the background.

Ashley Madison parent company Avid Life is claiming that the quotations taken from the emails were out of context, and according to The Verge, it contacted Motherboard with a statement:

A representative wrote to Motherboard, “Nerve was exploring strategic partnerships in May of 2012 and reached out to Noel to determine Avid Life Media’s interest in the property. At the time Noel did not act on that opportunity.” Krebs, however, writes that Bhatia initially offered at least $20 million for the company along with a second property called flirts.com, but ultimately declined to pursue the deal.

It seems a little shady, but it’s hard to think about how you can possibly get an edge in the online dating world. It’s also hard to talk about the morality of a hack when your site seems to eschew morals. It’s not so much a judgment as it is an observation, though. The human toll from all of it seems to be a bit heavier.

(Via Krebs Security / The Verge)
