clock menu more-arrow no yes

Filed under:

Ashley Madison CEO allegedly wanted to hack competitor after executive discovered security hole

CTO Raja Bhatia discovered a security hole in Nerve.com

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

An internal email conversation from 2012 between Ashley Madison’s CTO Raja Bhatia and Noel Biderman, the CEO of the site’s parent company Avid Life Media, reveals that the duo might have hacked one of their competitors, writes Brian Krebs of Krebs on Security.

The conversation allegedly took place between January 2012 and July 7th, 2015 — less than two weeks before the hacker group Impact Team publicized their break-in on July 19th. The cache of emails leaked by Impact Team shows that Bhatia told his colleagues that he had found a security hole in Nerve.com, an online magazine about sex, relationships and culture that had also launched a dating service, writes Krebs. Ironically, the hack sounds similar to the one Ashley Madison itself fell victim to, not long after. Ashley Madison had apparently also been conducting intensive security audits less than a month before discovering that its website had been hacked.

Ironically, the hack sounds similar to the one Ashley Madison itself fell victim to

"They did a very lousy job building their platform. I got their entire user base," Bhatia allegedly told Biderman via email. "Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc." While Biderman seemed eager to take advantage of the security hole, replying "Holy moly..I would take the emails...," Bhatia did an odd about face, saying he wanted to "be able to look [his] son in the eye one day," writes Motherboard.

In a response to Motherboard, Avid Life claims that the conversation between Bhatia and Biderman was taken out of context. A representative wrote to Motherboard, "Nerve was exploring strategic partnerships in May of 2012 and reached out to Noel to determine Avid Life Media's interest in the property. At the time Noel did not act on that opportunity." Krebs, however, writes that Bhatia initially offered at least $20 million for the company along with a second property called flirts.com, but ultimately declined to pursue the deal.

Avid Life Media earlier today put a bounty of $379,000 on the hackers’ heads, in response to two suicides that allegedly occurred as a result of the information leaked by the hackers. This is just the latest ripple caused by the massive breach — many still suspiciously search for their spouse’s emails, and the hits will likely keep on coming.