A former Ashley Madison executive allegedly hacked a competing dating website
Motherboard's Joseph Cox and security researcher Brian Krebs have both seen what is believed to be a leaked email from CEO Noel Biderman, in which former CTO Raja Bhatia apparently said he discovered security holes in the software of Nerve.com, an adult website that was testing a dating service at the time.
Business Insider has not yet independently verified the contents of the emails.
According to the leak, in November 2012, Bhatia, who now consults for the website, mentioned in an email to Biderman that "nerve's dating site has a huge security hole."
When asked for more details, the ex-CTO responded that he "was researching the casual dating space as it's been on my mind. I remembered Nerve relaunched with a slick site and did a little digging into how it worked. They did a poor job of auditing their site."
He continued:
[I] Have access to all their user records including emails, encrypted password, if they purchased or not, who they talked to, what their search preferences are, last login, fraud risk profile, who they blocked or are blocked from, photo uploads, etc.
Prior to Bhatia's alleged hack, Ashley Madison's parent company Avid Life Media had been approached by Nerve.com about a possible business partnership. Krebs reports that at one point Bhatia made a $20 million offer for Nerve, although the deal never came to fruition.
In a statement emailed to Motherboard, ALM frames Bhatia's actions as "due diligence" relating to these discussions:
Even so, Biderman's reaction seems unusual. After Bhatia told him about the nature of the data he had access to, the CEO responded: "Holy moly..I would take the emails..."
Bhatia said no, telling the CEO that he "can't do it.. want to be able to look my son in the eye one day."
But the CTO did send over more information explaining to Biderman "how to complete the process," Motherboard reports. Biderman then allegedly attempted to follow Bhatia's instructions, but was unable to.
Last Tuesday, after customer data was leaked online by a hacker or hackers calling themselves The Impact Team, Avid Life Media released a statement slamming their actions.
"Every week sees new hacks disclosed by companies large and small, and though this may now be a new societal reality, it should not lessen our outrage," the statement said. "These are illegitimate acts that have real consequences for innocent citizens who are simply going about their daily lives. Regardless, if it is your private pictures or your personal thoughts that have slipped into public distribution, no one has the right to pilfer and reveal that information to audiences in search of the lurid, the titillating, and the embarrassing."
Business Insider has reached out to Avid Life Media for comment.