Ashley Madison Knew Security was Weak; Courts say Feds can go after Companies with Weak Security

Share the knowledge

Evidence in the form of leaked email demonstrates that Ashley Madison execs knew that their security was weak. A Federal court ruling last week says that the Federal Trade Commission (FTC) can go after companies whose Internet security is weak. Hrrm…

FTC Chairwoman Edith Ramirez said that last week’s decision, from the Third Circuit Court of Appeals, “reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data. It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.”

And really, can there be any more sensitive consumer information than that with which Ashley Madison was entrusted? Not only the routine credit card information, etc., but also information of a most private, privileged sort – the kind of information which, if acquired and leaked, could rip families apart, and even lead to suicide, which it already has.

A Selection of Actual Ashley Madison Ads
ashley  madison ads

So, it would seem to be negligence of the worst kind that Ashley Madison executives knew that their security was weak.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

In an expose published last week, Motherboard revealed some of the leaked email, and it is damning.

I am pretty sure we stored passwords without any cryptography so a database leak would expose all account credentials

For example, as far back as 2012, Avid Life Media co-founder and CTO Raja Bhatia said, in an email, regarding the prior acquisition of Ashley Madison (Biderman founded Ashley Madison, which Avid Life Media acquired in 2007, making Biderman the CEO), “With what we inherited with Ashley, security was an obvious afterthought and I didn’t focus on it either,” adding that “I am pretty sure we stored passwords without any cryptography so a database leak would expose all account credentials.”

Now, to be clear, the Federal Court decision is United States law, the Federal Trade Commission is a U.S. agency, and Ashley Madison is a Canadian company. Legally there are ways that U.S. entities can go after non-U.S. entities, but it is a bit more complicated, so whether or not they will do so is unclear.

However, in the meantime, there have already been class action lawsuits filed against Ashley Madison, so their legal woes are clearly just, and already, starting.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.