By Alastair Sharp and Allison Martell
TORONTO (Reuters) - The parent company of infidelity dating site Ashley Madison, hit by a devastating hack last year, is now the target of a U.S. Federal Trade Commission investigation, the new executives seeking to revive its credibility told Reuters.
The breach, which exposed the personal details of millions who signed up for the site with the slogan "Life is short. Have an affair", cost Avid Life Media more than a quarter of its revenue, Chief Executive Rob Segal and President James Millership revealed in an interview, the first by any senior executive since the incident.
"We are profoundly sorry," said Segal, adding that more could perhaps have been spent on security.
The two executives, hired in April, said the closely held company is spending millions to improve security and looking at payment options that offer more privacy.
But it faces a mountain of problems, including U.S. and Canadian class action lawsuits filed on behalf of customers whose personal information was posted online, and allegations that it used fake profiles to manipulate some customers. The site's male-to-female user ratio is five to one, the executives said.
An Ernst & Young report commissioned by Avid and shared with Reuters confirmed that Avid used computer programs, dubbed fembots, that impersonated real women, striking up conversations with paying male customers.
Avid shut down the fake profiles in the United States, Canada and Australia in 2014, and by late 2015 in the rest of the world, but some U.S. users had message exchanges with foreign fembots until late in 2015, according to the report.
Another dating site paid $616,165 in redress for similar practices in an October 2014 settlement with the FTC.
Avid said it does not know the focus of its own FTC investigation. Asked about the fembot messages sent to U.S. customers, Segal said: "that's a part of the ongoing process that we're going through ... it's with the FTC right now."
An FTC spokesman declined to comment.
REINVENTING EXISTING BRAND
Ashley Madison got plenty of media attention before the hack, taunting and celebrating politicians and celebrities accused of cheating. Former chief executive Noel Biderman styled himself the "king of infidelity" and boasted of a $1 billion valuation.
Segal acknowledged that the company is not worth that much and said Avid still doesn't know how the attack happened or who was responsible.
It has hired cyber security experts at Deloitte, and expects to reach the first level of Payment Card Industry compliance, an industry standard, by September.
"We had to basically reinvent their security posture," said Robert Masse, who leads Deloitte's incident response team. His team, hired by the company in late September, found simple backdoors in Avid Life's Linux-based servers.
Avid Life is on track to record roughly $80 million in revenue this year, with margin on earnings before interest, taxation, depreciation and amortisation of 35 to 40 percent, said Millership. Its 2015 revenue was $109 million, with a 49 percent margin.
The executives said the Ashley Madison name would endure, though they are moving some focus away from infidelity.
"We certainly feel that the Ashley Madison brand can be repositioned," Segal said, promising "a vastly different approach to how she is marketed."
Millership said they have roughly $50 million to spend on acquisitions or partnerships with like-minded "discreet dating" sites.
But Serge Saumur, a lead plaintiff in the Canadian civil case, is no longer interested. Saumur, who is single, said he joined the site in early 2015 and spent around C$100.
"Whatever they are going to do to prove to me that they are safe or anything, I wouldn't put no more money in there," he said.