The United States Federal Trade Commission has launched an investigation into philanderers’ dating site Ashley Madison, Reuters reported Tuesday.
The company, which suffered a massive data breach last year that resulted in extortion attempts and ruined lives, as well as class-action lawsuits, earlier this week announced that it hired a new CEO and a new president in April.
CEO Rob Segal and President James Millership also revealed that Ashley Madison had been using fembots — computer programs responding like real women — to conduct conversations with some of its paying male customers worldwide.
The fembots have been shut down, confirmed an Ernst & Young report commissioned by Ashley Madison’s parent company, Avid Life Media.
The use of fembots might have triggered the probe by the FTC, which is tasked with guarding against consumer fraud, among other things.
The FTC declined to confirm or deny whether it is conducting an investigation, because “FTC investigations are nonpublic,” spokesperson Jay Mayfield told the E-Commerce Times.
Ashley Madison did not respond to our request to provide further details.
Ashley Madison is seeking to rebrand itself as a service that promises discretion for participants in many types of adult dating — not just affairs. A large number of its members are singles, according to the company.
Disclosures arising from the FTC’s investigation will make it more difficult to reposition Ashley Madison as safe for customers, suggested Rob Enderle, principal analyst at the Enderle Group.
Ashley Madison “will want to create a new image — but as the evidence from the investigation is shared, it will reinforce the old image, making it nearly impossible for the firm to successfully pivot,” he told the E-Commerce Times.
On the other hand, the probe might spice up the firm’s image. At the time it was hacked last July, Ashley Madison had about 40 million users; it now boasts more than 46 million.
Keeping Users Safe
Since the breach, Ashley Madison has stepped up efforts to secure its IT systems.
It hired cybersecurity firm Deloitte, whose experts apparently found several simple backdoors in its Linux servers.
Also, Ashley Madison said it expects to reach the first level of Payment Card Industry compliance by September, according to the Reuters report.
Ashley Madison earlier this year instituted masking for subscribers’ photos.
However, “if an adversary has access to the back-end systems, the masking of profile pictures doesn’t provide much protection,” noted Rick Holland, VP of strategy at Digital Shadows.
Masking is “a good step so long as it’s part of a holistic approach to improving security,” he told the E-Commerce Times.
“Every company is vulnerable to some degree to data breaches as long as there are people involved in the process,” Enderle pointed out. “Given the value of information surrounding someone’s extramarital affairs, I doubt Ashley Madison can afford security that would be good enough to truly ensure this wouldn’t happen again.”
Digital Shadows last fall discovered cybercriminal gang DD4BC was seeking to extort Ashley Madison breach victims, demanding they pay a ransom of one bitcoin for its silence. At least 17 victims paid up.
Two suspected members of the gang were arrested in January, Holland said, but “recently we’ve had clients report they were targeted by a copycat actor.” It takes time for organizations to materially improve their security maturity, so “it’s likely that Ashley Madison and Avid Media still have significant opportunities to mature,” Holland remarked.