While it appears the hackers who stole a treasure trove of data from adultery-focused “dating” site Ashley Madison are done embarrassing the company, that doesn’t mean the fallout from the attack has stopped. The latest drama involves noted security researcher Brian Krebbs, who says he’s facing a libel lawsuit from former Ashley Madison CTO Raja Bhatia. The lawsuit stems from a report Krebs posted in late August in which he claimed that the leaked emails of now-former CEO Noel Biderman revealed a plot to hack Ashley Madison’s competitors. Bhatia apparently took issue with a number of Krebs’ claims in the article and asked for a retraction and correction, which thus far Krebs has been unwilling to do.
The report specifically claims that Bhatia send Biderman an email in late 2012 concerning a security hole he discovered on the site Nerve.com, a site dedicated to a variety of sexual topics. At the time, Nerve.com was working on its own dating service, and Bhatia allegedly said in his emails to Bidderman that he found a way to access and manipulate Nerve.com’s database of users.
According to Krebs report, Bhatia said the following to Biderman over email: “They did a very lousy job building their platform. I got their entire user base. Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.”
In his lawsuit, Bhatia takes issue with the claim that he “hacked” Nerve.com; instead, he says he “noticed a readily apparent inadequacy in the site’s security and remarked on that observation to Mr. Biderman without attempting to bypass its security or to exploit the gap by downloading or manipulating Nerve.com’s database.” Bhatia also says its important to note that at the time he sent Biderman the email, he was not acting as CTO of Ashley Madison; it seems he left the company at some point in 2009.
For now, Krebs says he has no intentions of changing or retracting his story — instead, he published the letter he received from Bhatia’s lawyers “in the likely event that other publications have also received libel and defamation threats from Ashley Madison and/or its current and former employees.” Whether the lawsuit has much merit remains to be seen, but at the very least it sounds like Krebs doesn’t plan on acquiescing to the lawsuit’s demands.
[Image credit: Getty Images / Carl Court]
Krebs on Security
Tags: ashleymadison, ashleymadisonhack, briankrebs, lawsuit, libel, RajaBhatia