Skip To Content
BuzzFeed News Home Reporting To You

Utilizamos cookies, próprios e de terceiros, que o reconhecem e identificam como um usuário único, para garantir a melhor experiência de navegação, personalizar conteúdo e anúncios, e melhorar o desempenho do nosso site e serviços. Esses Cookies nos permitem coletar alguns dados pessoais sobre você, como sua ID exclusiva atribuída ao seu dispositivo, endereço de IP, tipo de dispositivo e navegador, conteúdos visualizados ou outras ações realizadas usando nossos serviços, país e idioma selecionados, entre outros. Para saber mais sobre nossa política de cookies, acesse link.

Caso não concorde com o uso cookies dessa forma, você deverá ajustar as configurações de seu navegador ou deixar de acessar o nosso site e serviços. Ao continuar com a navegação em nosso site, você aceita o uso de cookies.

Internal Docs Suggest Ashley Madison Knew Hacking Was Huge Threat

Company CEO and CTO apparently expressed concerns about how a breach could hurt Ashley Madison.

Posted on August 19, 2015, at 4:15 a.m. ET

Lee Jin-man / AP

The top executives at Ashley Madison were aware that their company was vulnerable to a breach, according to one alleged internal document which shows the CTO and CEO of the company voicing concern over how hackers could infiltrate their database of adults looking to cheat on their spouses.

The leak of 9.7 gigabytes of information Wednesday, which hackers claim they stole from Ashley Madison's internal computers, was among the worst-case scenarios imagined by the company executives in an internal questionnaire. The authenticity of the document, which was part of the information posted online by the hackers, could not be independently verified by BuzzFeed.

While security experts have said that the information posted online appears to be from the site, Ashley Madison has not yet confirmed whether the accounts of more than 37 million people, as well as internal company documents, are authentic.

In the questionnaire, company employees are asked to comment on their concerns for the company.

"We should put any and all efforts forward to defend against any security issues that can put our brand and 15 years of hard work at risk," writes CEO Noel Biderman.

Trevor Stokes, the CTO, echoes his concerns, writing, " I would hate to see our systems hacked and/or the leak of personal information."

In further comments the two wonder about data exfiltration and the confidentiality of the data posted on their site, and Kevin McCall, VP of operations, adds that there is "a lack of security awareness across the organization."


In a similar document allegedly from Ashley Madison, the company suggests "Data leak/theft issues" as its top "area of concern" along with other potential threat vectors like "Exposing customer data via XSS session highjacking (XSS + phishing)," "exposing customer data via SQL injection vulnerability in the application code," and "code bug resulting in remote code execution exposing customer data (sql dump)." The document — which was not independently verified by BuzzFeed News — suggests that the company was concerned about "internal users being infected with malware/viruses allowing hackers access to our user data" as well as "web app remote code exploit[s] in our codebase resulting in a man-in-the-middle attack where a hacker gains access to our customer's billing/credit card information."

Below are more alleged disclosures from Ashley Madison about user data privacy concerns:

-Bad actor creating accounts on our sites, crawling search results and finding a method of correlating our users to their private lives (facial recognition, image metadata location coordinates, etc…)
- Internal bad actor stealing customer data and exposing it in social media/blackmailing
- Internal bad actor using a known/shared password to access customer data
- A hacker/bad actor at New Relic gaining access to our customer data.
- Third party billing partner getting hacked, exposing our customer list.
- Improper handling of backup media from OnX resulting in a data leak
- A hacker or bad actor gaining access to our customer service gmail credentials and gaining access to customer data.

  • Picture of Mat Honan

    Mat Honan is the San Francisco bureau chief for BuzzFeed News.

    Contact Mat Honan at

    Got a confidential tip? Submit it here.

  • Picture of Sheera Frenkel

    Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F

    Contact Sheera Frenkel at

A BuzzFeed News investigation, in partnership with the International Consortium of Investigative Journalists, based on thousands of documents the government didn't want you to see.