The fallout included a $11.2 million settlement with US victims and an additional Federal Trade Commission fine of $1.6 million. An Australian radio show outed a cheating husband to his wife on-air and a married New Orleans pastor committed suicide after he was discovered on the site. The massive data breach cost parent company Avid Life Media a quarter of its revenue, according to executives at the time (it's now renamed Ruby Life, and also owns Cougar Life as well as sugar daddy dating website Established Men). Plans for a reported IPO on the London Stock Exchange just months before the hack -- with the company valuing itself at $1 billion -- were scuppered.
Now, Ruben Buell, who became CTO at Ruby Life in February 2017 and took the reins as president last April, is looking to regain public trust.
"We want to let people know that Ashley is here, Ashley is strong as ever," said Buell in an interview with Engadget. "Yes, there was an incident in 2015 that was extremely unfortunate, and that the firm has learnt from that, grown from that and moved on."
The company had attempted to keep a low profile and tame its branding -- "Life is short. Have an affair" became "Find your moment" -- after the hack. This week, the Toronto-based Buell is making the media rounds, armed with a new independent Ernst & Young report showing 5.7 million new accounts on the site in 2017 and a ratio of 1.13 active females for every active male on the site. The company is doubling down on its core purpose: facilitating infidelity. The infamous slogan is back.
"Ashley's been the leader in the married dating space, the infidelity space, for a very long time now, and that is what we focused on [last year]," said Buell.
"We want to let people know that Ashley is here, Ashley is strong as ever."
The company claims to have registered 54 million accounts since 2002, but this does not reflect the current number of active accounts, as many were deleted following the 2015 hack. According to Buell, there are 191,000 daily active users (defined as members who have exchanged messages) and 1.4 million new connections made each month.
Last year was the first since the hack that Ashley Madison saw "substantial growth" in its user base, Buell said, adding that its 2017 revenue grew 5 percent globally and 16.7 percent in the US compared to 2016. He declined to state the privately-held Ruby Life's 2017 revenue figures or profits, but in a July 2016 Reuters interview, former president James Millership said it expected about $80 million in revenue that year, with a 35 to 40 percent EBITDA margin (a measure of profits, standing for earnings before interest, taxes, depreciation and amortization). "The firm has always been very profitable and we continue to enjoy nice profits," said Buell.
Ashley Madison is essentially trying to reestablish trust in a business that's entirely dependent on discretion. But post-Cambridge Analytica, post-Snowden, post-data breaches of LinkedIn and Yahoo (which is owned by Engadget's parent company, Verizon), the public is even more skeptical about data privacy than it was three years ago.
Making any comeback tougher was the revelation that the site was riddled with female bots to draw in male users, which formed part of the FTC probe. Women can use Ashley Madison for free, but even after connecting on the site, men have to pay "credits" to kick off a conversation. The website's fake females essentially lured them into spending money to talk to no one. The Ernst & Young report also verifies that the bots are gone.
Buell attributes the company's growth to targeting "attached" users -- those in committed relationships -- who are mostly in their forties and form 70 percent of Ashley Madison's customers. Brazil, the company's new report claims, saw an average of 138,865 new members per month in 2017, second only to the US. This year, Buell intends to expand in Taiwan, Japan and South Korea.
Buell has an ironic rationale that affairs can be good for a relationship. "There is a better way to have an affair," he said. The logic: many couples are in sexless couplings but want to maintain their family; there's a disconnect between divorce being socially acceptable while non-monogamy is not; a discreet, anonymous dating platform allows users to take their roaming out of the workplace, which is Ashley Madison's "number one competitor." "Don't put your career at risk along with your marriage," he said.
"A lot of these women are looking to stray because they want to stay in their marriages. So they're looking at 'well I have the option of divorce or I have the option of having an affair but I'm not real happy just continuing in my daily life as things are now,'" he said, citing surveys Ashley Madison has done with its users. "They find once they meet a lot of these desires that they come back into the marriage happier, revitalized, and can be a better wife."
Even if your partner consents to extra-marital engagements, these relationships require privacy, according to Buell, since on commonly-used apps like Tinder, couples may face judgement when spotted by acquaintances. "It still isn't generally social acceptable," Buell said. "Which we think is ridiculous, honestly."
"Ashley's core differentiator is discretion."
Yet this imperative for privacy is precisely why regaining the public trust is going to be an uphill battle for the infidelity website.
According to the FTC complaint post-hack, Ashley Madison "had no written information security policy, no reasonable access controls, inadequate security training of employees, no knowledge of whether third-party service providers were using reasonable security measures, and no measures to monitor the effectiveness of their system security." Part of the FTC settlement required that the company add "a comprehensive data-security program, including third-party assessments."
Speaking with Engadget, Buell made a point to list the security measures that Ashley Madison has since added or will add this year: two factor authentication, a bug bounty program, adherence to the NIST cybersecurity standards. He highlights that it's hired a new chief information and security officer, and the office displays "artwork that's mirrored around the idea of a security camera lens."
"We do not use the data for any type of third party advertising, we don't run ads on our sites, the data is not moved anywhere from where we own it," Buell said. "We hold that very, very close to us."
"Security and discretion" were described among Buell's key focuses for 2018. "Ashley's core differentiator is discretion."