The Ashley Madison courting website had “inadequate” security systems and used fake icons to make it safe in front of the users of the site.
A report has revealed that the web page used pretend icons to make people think it was secure.
The Toronto-based firm’s security systems were investigated by privacy regulators in Canada and Australia.
Canada’s Office of the Privacy Commissioner (COPC) and the Office of the Australian Information Commissioner started an investigation into how Avid Life Media (which owns Ashley Madison) handled customer data soon after the attack.
The report revealed that Avid Life violated privacy laws in both countries due to its negligence as it oversaw data that users surrendered to it when they signed up.
“Privacy breaches are a core risk for any organisation with a business model based on the collection and use of personal information,” said Daniel Therrien, Canada’s privacy commissioner.
“Handling huge amounts of this kind of personal information without a comprehensive information security plan is unacceptable,” added he.
The report said that the system passwords were held in plain text on easy-to-access internal servers and in emails and text files that were regularly passed around within the company. Avid also did little to properly authenticate who was accessing its systems remotely.