'Security Was An Afterthought,' Hacked Ashley Madison Emails Show
Source: Motherboard
It's already clear that, despite handling very sensitive data, Ashley Madison did not have the best security. Hackers managed to obtain everything from source code to customer data to internal documents, and the attackers behind the breach, who call themselves the Impact Team, made a mockery of the company's defenses in an interview.
With a huge dump of the company's emails now available on the dark web, it's possible to get a better idea of what was really going through the minds of those responsible for the site's security, and overall it doesn't look good. Ashley Madison seems to have put a heavy emphasis on PR spin, rather than protecting data.
“With what we inherited with Ashley [Madison], security was an obvious afterthought and I didn't focus on it either,” the company's founding CTO Raja Bhatia wrote at the beginning of 2012. “I am pretty sure we stored passwords without any cryptography so a database leak would expose all account credentials,” he continued. The email was in response to the news that the data of 100,000 Grindr users had been obtained by hackers.
Bhatia was also fully aware of the potential of attacks on Avid Life Media (ALM), the parent company of Ashley Madison. “There will be an eventual security crisis amongst one of your properties and the media will leap on it as they always do,” he wrote.
<snip>
Read more: http://motherboard.vice.com/en_ca/read/security-was-an-afterthought-hacked-ashley-madison-emails-show
= new reply since forum marked as read
