No Record Of Ashley Madison’s So-Called Security Award
Ashley Madison claims to have received a "Trusted Security Award" which doesn't appear to exist
The hack of adultery site AshleyMadison.com shouldn’t come as much of a surprise: a Vocativ analysis shows there is no online record of the “Trusted Security Award” proudly displayed on its front page.
Hackers dumped the personal details of the 37 million would-be adulterers registered with AshleyMadison.com, including names and addresses this week. Impact Team’s attack appears to have been sparked by the company’s “paid delete” feature, which charges customers $19 to wipe their account from the site, but which hackers say does not wipe credit card information.
AshleyMadison.com mentions a “Trusted Security Award” on its homepage, seemingly to reassure members their personal information is protected. The award first appeared in 2011, according to cached versions of the website, but Vocativ discovered the award does not appear to have been mentioned by other companies at any point in the past.
A Google search for the term “Trusted Security Award” provides just 1,270 results. All of those relevant results specifically reference AshleyMadison.com. A reverse Google image search of the medal icon illustrating the award reveals the image is used only on AshleyMadison.com and PandoraSlinky.com, a similar dating site which uses a layout identical to AshleyMadison.com, but which Vocativ could not confirm has the same owner. A TinEye search of more than 12 billion images shows no record of the medal icon being used elsewhere. Vocativ made repeated attempts to contact Avid Life Media, which owns AshleyMadison.com, but they did not respond.
Hack repair expert Jim Walker said the “award” is likely a marketing tool which he said is commonly used on such websites. The Hack Repair Guy, who has 15 years of experience in internet security, said: “There’s no link to any third party page or any reference to what that means. If there is no link or commentary about what this is for, then it’s likely just something they put on there as a marketing tool.”
The website had 124.5 million desktop visitors in June. Registration is free, but customers must pay upwards of $49 in exchange for “credits” which can be used to read messages from other users. Vice president for Avid Life Media Avi Weisman previously denied a claim that some profiles on the site are fabricated.
Avid Life Media said in a statement that its “paid delete” option does in fact remove all user information. “The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes,” it said, adding it was now free to use in light of the hacking. It said it has “stringent security measures in place” and is working with “leading IT vendors from around the world” to prevent further attacks.
This story has been updated from previous version.