Ex-Ashley Madison CTO threatens Brian Krebs with libel suit over rival hacking claims.
One of the more unusual things to come from the Ashley Madison hack was the discovery that AM’s founding CTO, Raja Bhatia, had apparently hacked another company, Nerve, after that company expressed an interest in setting up a competing adult dating service.
That story was first reported by Brian Krebs, and it seems that Bhatia, no longer at Ashley Madison, isn’t very happy with it. His lawyer has threatened Krebs with a libel suit.
Krebs sourced his piece from e-mails that were leaked in the hack. Nerve was reportedly in talks with Avid Life Media, Ashley Madison’s parent company, about the possibility of a partnership or investment. Krebs wrote that Bhatia was initially interested enough to make a $20 million offer for the company, but that ultimately Ashley Madison backed away. A few months later, Bhatia e-mailed now-departed Ashley Madison CEO Noel Biderman to claim that he “got [Nerve.com’s] entire user base” and linked to a sample of the Nerve.com database.
The legal threat takes particular issue with Krebs’ headline (“Leaked AshleyMadison Emails Suggest Execs Hacked Competitors”) and his description of what Bhatia allegedly did. Bhatia’s lawyer is demanding that Krebs pull his piece and issue a retraction.
The libel threat specifically claims that Bhatia did not hack Nerve.com. Instead, he merely “noticed a readily apparent inadequacy in the site’s security” but he did not “exploit the gap by downloading or manipulating Nerve.com’s database.” Krebs is also accused of making misleading implications about Bhatia’s employment. The latter states that when Bhatia discovered Nerve.com’s security shortcomings in 2012, he was not employed by Avid Life Media, Ashley Madison’s parent company, and had not been since 2009. Moreover, it also says that Bhatia was unaware that Avid Life Media was considering acquiring Nerve.com.
When the first news of the Ashley Madison hack broke, Bhatia initially downplayed those claims and dismissed the data dump as a fake. The authenticity of the database portion of the dump seems at this point beyond doubt, thanks to the widespread confirmations by users of the site. The letter from the lawyer implicitly confirms that the leaked e-mails are authentic, as it makes reference to parts of the quoted e-mail that Krebs didn’t include in his report.
Krebs says that he will not retract or alter his story.