This is what Ashley Madison’s homepage looks like right now, and maybe it’s just me, but I feel like those emblems at the bottom right shouldn’t be there. (It’s not just me.) Let’s take a closer look, shall we?
After a highly publicized data breach that affected every part of a site (user data, source code, emails), it feels pretty brazen to continue to advertise strong cybersecurity measures, but Ashley Madison is just rolling with it.
The most problematic icon is probably the one that says “100% Discreet Service,” just because it’s, you know, categorically false. But even among the two that are just in poor taste there are problems.
Many suspect that the site’s “Trusted Security Award” is fake, and even if it’s real, Ashley Madison probably won’t be winning it for the second year in a row. As for the promise of an “SSL Secure Site,” sure, great. Your data will be encrypted as it travels between your browser and Ashley Madison itself. Seeing as Ashley Madison’s servers (and all the data on them) are compomised, though, it’s not very reassuring in this case.
When Motherboard asked the Impact Team hackers (who released the data dumps and claim responsibility for the breach) about the quality of Ashley Madison’s cybersecurity measures, they said, “Bad. Nobody was watching. No security.”
There’s been a lot of speculation that the attack was an inside job, and at this point that’s kind of a best-case scenario for Ashley Madison owner Avid Life Media Inc. At least in that case the company could take the position that it wasn’t actually hacked and that its external security is strong. Avid Life Media CEO Noel Biderman told Krebs on Security in July that the culprit “was definitely a person here that was not an employee but certainly had touched our technical services.”
Given everything that’s happened, there’s really no good way for Ashley Madison to be marketing itself right now, but it could at least update its home page to be a little more humble.