Ashley Madison hack: National lawsuit filed against parent company
Company says it does not confirm email addresses of users or store credit card data
Two law firms have filed a national class-action lawsuit on behalf of all Canadians who subscribed to AshleyMadison.com.
The action is being brought against Avid Dating Life Inc. and Avid Life Media Inc., the corporations that run the infidelity website.
The plaintiff in the lawsuit is Eliot Shore, an Ottawa resident and disabled widower who became single after his wife of 30 years died of breast cancer. He joined the site, but did not meet another subscriber in person, the law firms say.
The class action, led by firms Charney Lawyers and Sutts, Strosberg LLP, is not being brought against the Impact Team hackers who attacked AshleyMadison.com.
- Ashley Madison leaks could undermine privacy for us all
- Leaked Ashley Madison user data confirmed to be from infidelity site
- Ashley Madison data reportedly posted online by hackers
- Hack unlikely to dissuade cheating spouses, says researcher
Those hackers released a second, larger batch of data stolen from AshleyMadison.com's parent company, Vice's online technology site Motherboard reported on Thursday.
The dump, the veracity of which Reuters was not able to immediately verify, appeared to include email messages linked to Noel Biderman, the chief executive officer of Avid Life Media.
The company did not immediately respond to requests for comment.
The Motherboard report said the release bore the hallmarks of Tuesday's release by hackers who call themselves the Impact Team.
Pressure rising on company
If authentic, the additional release would increase pressure on the company, which has been quiet about exactly how much and what sort of data was stolen in a breach in July.
The 20-gigabyte data dump reported on Thursday would be roughly double the size of the earlier one, which included personal details of millions of members of Ashley Madison.
However, the Toronto-based website told The Canadian Press that the personal details exposed in the initial data leak can't be used to prove the infidelity of their clients.
The company confirmed that it doesn't verify the email addresses used to sign up for the service, nor does it collect phone numbers or store full credit-card numbers.
An official with the company also said it doesn't check email addresses — precisely to ensure no account can be conclusively linked with a specific person.
People can speculate based on the leaked data, the official said, but there's no smoking gun.
Scouring the data for familiar names or email addresses among the site's more than 35 million registered members has become a popular pastime for worried spouses and curious internet users worldwide.
Police coalition investigating breach
There are hundreds of email addresses in the data release that appear to be connected to federal, provincial and municipal workers across Canada, as well as to the RCMP and the military.
The Toronto cyber-security company Cycura is investigating the breach for Ashley Madison, along with the RCMP, Ontario Provincial Police and Toronto Police Service. The FBI is investigating in the United States.
The company's chief technology officer, Joel Eriksson, said the source code used by Avid Life Media is being audited for "vulnerabilities and backdoors," though it doesn't appear that any software vulnerability was exploited in the breach.
Ontario government technology experts are also looking into the leak after dozens of provincial email addresses were linked to Ashley Madison account holders.
Provincial officials said if any civil servants used their work email to set up their Ashley Madison account, that would be considered a misuse of government IT resources.
Ontario Attorney General Madeleine Meilleur's office said "information and technology officials are looking into whether any misuse has occurred."
With files from CBC News and The Canadian Press