Evidence in the form of leaked email demonstrates that Ashley Madison execs knew that their security was weak. A Federal court ruling last week says that the Federal Trade Commission (FTC) can go after companies whose Internet security is weak. Hrrm…
FTC Chairwoman Edith Ramirez said that last week’s decision, from the Third Circuit Court of Appeals, “reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data. It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.”
And really, can there be any more sensitive consumer information than that with which Ashley Madison was entrusted? Not only the routine credit card information, etc., but also information of a most private, privileged sort – the kind of information which, if acquired and leaked, could rip families apart, and even lead to suicide, which it already has.
A Selection of Actual Ashley Madison Ads
So, it would seem to be negligence of the worst kind that Ashley Madison executives knew that their security was weak.
The Internet Patrol is completely free, and we don't subject you to ads or annoying video pop-ups. But it does cost us out of our pocket to keep the site going (going on 20 years now!) So your tips via CashApp, Venmo, or Paypal are VERY appreciated! Receipts will come from ISIPP.
In an expose published last week, Motherboard revealed some of the leaked email, and it is damning.
I am pretty sure we stored passwords without any cryptography so a database leak would expose all account credentials
For example, as far back as 2012, Avid Life Media co-founder and CTO Raja Bhatia said, in an email, regarding the prior acquisition of Ashley Madison (Biderman founded Ashley Madison, which Avid Life Media acquired in 2007, making Biderman the CEO), “With what we inherited with Ashley, security was an obvious afterthought and I didn’t focus on it either,” adding that “I am pretty sure we stored passwords without any cryptography so a database leak would expose all account credentials.”
Now, to be clear, the Federal Court decision is United States law, the Federal Trade Commission is a U.S. agency, and Ashley Madison is a Canadian company. Legally there are ways that U.S. entities can go after non-U.S. entities, but it is a bit more complicated, so whether or not they will do so is unclear.
However, in the meantime, there have already been class action lawsuits filed against Ashley Madison, so their legal woes are clearly just, and already, starting.
The Internet Patrol is completely free, and we don't subject you to ads or annoying video pop-ups. But it does cost us out of our pocket to keep the site going (going on 20 years now!) So your tips via CashApp, Venmo, or Paypal are appreciated!
Receipts will come from ISIPP.