Former CTO hacks nerve.com, gets access to their database

Aug 25, 2015 06:53 GMT
Noel Biderman, Ashley Madison CEO, exchanged emails with former CTO about hacking nerve.com

Internal emails leaked in the Ashley Madison hack show that the company's former Chief Technical Officer, Raja Bhatia, managed to hack into a competitor's website.

The site in question is nerve.com, a New York-based online cultural magazine with an inclination for sexual topics.

The service had previously added an adult dating section on their site, but it also contacted Avid Life Media, the company that legally ran the ashleymadison.com service, inviting them to invest in the property.

The emails do not show if Ashley Madison CEO Noel Biderman specifically asked Mr. Bhatia to hack into the site, but they show how the former CTO sent a report about a security hole he found in nerve.com.

Ashley Madison's CTO got his hands on the competitor's entire database

"They did a very lousy job building their platform. I got their entire user base," said Bhatia in an email to Biderman. "Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc."

The message also contained a link to a file stored on GitHub, where the nerve.com database dump could be found.

After this initial email was sent, there was a silence of six months on this topic, and then it was brought up again when Biderman asked Bhatia via email if he should bring up the topic of their security hole in an upcoming meeting with execs from nerve.com.

There is no response, meaning the two either talked face to face or on the phone about it.

In the end, Avid Life Media did not invest in nerve.com.

Ashley Madison execs knew their service was vulnerable

Ironically, Mr. Bhatia’s email communications also show that he was aware of many security holes in Ashley Madison's service as well.

"With what we inherited with Ashley, security was an obvious afterthought, and I didn’t focus on it either. I am pretty sure we stored passwords without any cryptography so a database leak would expose all account credentials," he said.

As the Ashley Madison hack is the gift that keeps on giving, expect more details to come out on this topic in the coming days, as security researchers keep combing through the internal data leaked last week.