Ex-Ashley Madison CTO Threatens Libel Suit Against Journalist
An anonymous reader writes: Security reporter Brian Krebs, who has been instrumental in breaking news about the Ashley Madison hack, is now being threatened by the website's former CTO with a libel suit. Contained in the leaked data was a series of emails from the ex-CTO, Raja Bhatia, to the CEO of Ashley Madison's parent company. In the emails, Bhatia noted a security hole in a competing website, saying that he downloaded their user database and was capable of modifying and exposing it. After reporting on these emails, Krebs received a letter from Bhatia's lawyer (PDF) saying the post was libelous and defamatory. They demanded a retraction, which Krebs is thus far unwilling to do.
The lawyer's letter lays out his position. We don't the facts, but here's his position, which may be reasonable g
The letter to Krebs says that in the very emails Krebs relied on, the former CTO explicitly said that he did NOT download the account database. He said there is a clear vulnerability so someone COULD download the database, and he did not do so. The Krebs article appears to suggest that he did, so the Krebs article might be misrepresenting what is actually said in the emails.
The letter also seeks to distinguish between noticing a readily apparent vulnerability vs "hacking" the web site. Those are kind of two degrees of the same thing, but Krebs said "hacked". If the truth is more like "noticed", a retraction is in order.
Lastly, thr letter seeks to clarify that he was not AM's CTO, or even working for AM, at the time. Reading the article one might well get the impression that AM's CTO, on behalf of AM, hacked a competitor. That's not factually correct, the lawyer says.