In an interview with Reuters, Chief Executive Rob Segal said they are “profoundly sorry” for how they handled customers’ data. They’re also getting investigated.
The biggest surprise that came out of Reuters’ exclusive interview with infamous find-an-affair dating site Ashley Madison was not who was the latest public figure to be on their roster, but an apology.
With news that Ashley Madison’s parent company, the until-now unapologetic Toronto-based Avid Life Media, is facing an investigation by the U.S. Federal Trade Commission (FTC), the company’s Chief Executive Rob Segal told Reuters that they are “profoundly sorry” for how the site had handled customers’ data.
In July of last year, the site was dealt a major blow when the personal details, including credit card information, of at least 37 million users were posted online, exposing a long list of cheaters and those attempting to do so.
According to the interview with Segal and President James Millership, the leak has led to a drop of more than a quarter of their annual revenue. Interestingly though, the company is still said to be on track to bring in some $80 million this year, meaning that more than a few users are still determined to find that illicit special someone.
Those hopes might be overblown, though, as the investigation against the company includes a hard look at whether the site really was the target-rich environment that it claimed to be.
While the executives claim that their site has a 5-1 male-to-female ratio, they have been accused of using fembots to create the appearance that there were far more female users on the site. These chatbots and their fake profiles were used to keep paying users coming back to the site. Even though there was apparently an effort by the company to remove these digital teases in countries like the U.S., Canada, and Australia in 2014, Reuters reported that American users were still receiving messages from fembots in other countries as late as late 2015.
Responding to the continued use of the bots, Segal told Reuters, “That’s a part of the ongoing process we’re going through,” referring to their newest tryst with the FTC.
Use of bots to engage with lovelorn and lusty folks on the internet is nothing new. But it is fraud if you are using a bait and switch, pretending to offer meaningful(less) connections and letting your users type away long into the night with an automated chat.
What could have been done to protect Ashley Madison users’ data?
How the company will emerge from this particular mess, and how they will still have paying customers, nobody knows.
In the meantime, the company appears to be hard at work, pouring millions into trying to reassure their users that their cyber defenses are now stronger, and that they can be trusted once again.
From the looks of the Reuters article, the company had failed to enact simple methods such as obfuscation of user data or other serious encryption tactics.
They are also trying to plug all kinds of holes in their security perimeter, but it is unclear whether these kinds of steps really would have prevented the massive attack from last year.
Among the wide range of cyber security professionals consulted, the consensus appears to be that the hacker who stole the data was not an outsider, but a current or former employee who either stole the files on the premises or used legitimate credentials to stroll into their system. While these assessments remain unconfirmed, they are fairly likely to be accurate.
In the initial reports after the breach was first uncovered, there were indications that the leaker knew the technical team personally.
Former Chief Executive at ALM Noel Biderman spoke with KrebsOnSecurity soon after the scandal broke, basically admitting that it was an inside job. “We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
Adding more security features to their backend and launching a campaign of rebranding is not likely to help improve the company’s image in the eyes of users if they cannot even trust the internal staff managing that data.
If this saga should have taught anyone anything, it should have been not to do anything online that you would mind having broadcast to the rest of the world. Either that, or speak to your spouse about an open relationship, or get a really good VPN and enjoy the free show over at Pornhub.