The Ashley Madison hack was so thorough that it has raised questions about the company’s internal security practices and its overall attitude towards the security of its website.
To judge by some internal Ashley Madison emails, which were also revealed as part of the hack, it seems that executives at the company were somewhat lackadaisical about security matters.
As Motherboard first pointed out, Ashley Madison’s founding CTO, Raja Bhatia, predicted in 2012 that parent company Avid Life Media was at risk of a security breach. “There will be an eventual security crisis amongst one of your properties and the media will leap on it as they always do,” he reportedly wrote in an email.
He was right.
But the thought of an imminent breach doesn’t seem to have spurred him into action at the time. “With what we inherited with Ashley [Madison], security was an obvious afterthought and I didn’t focus on it either,”
Bhatia reportedly wrote, following the news that hackers had obtained data about some users of Grindr, a separate service. “I am pretty sure we stored passwords without any cryptography so a database leak would expose all account credentials.”
We’ve reached out to Ashley Madison for comment and will update if we hear back.