While Ashley Madison and its parent company grapple with fallout from the recent hack of its network, emails released in the latest hacking leak indicate that the company’s own former CTO may have hacked a competing dating site.

According to an email exchange in November 2012, Ashley Madison’s one-time CTO told colleagues, including the CEO of parent company Avid Life Media, that he had found a security hole in the web site of Nerve.com and used it to exfiltrate the competitor’s entire database. He also indicated that he had the ability to alter records in the database.

“They did a very lousy job building their platform. I got their entire user base,” Raja Bhatia wrote Noel Biderman, CEO of Avid Life Media, Ashley Madison’s parent company, and Rizwan Jiwan, the company's chief operating officer. "Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.”

Bhatia had been the founding CTO of Avid Life Media, but was no longer associated with the company at the time he sent the email to Biderman and Jiwan. According to his Angel List page, he was CTO for ALM from 2007 to 2010.

He noted in the email that he had posted a sample of the stolen database to a GitHub account and included a link to the GitHub site, although that post is no longer available online.

Six months later, in May 2013, Biderman discussed whether he should disclose the vulnerability to Nerve.com.

“Should I tell them of their security hole?” he wrote Bhatia. There is no apparent response among the leaked emails.

Although the emails discuss setting up a phone call with Nerve.com, it’s not clear if ALM did disclose the vulnerability.

Neither Avid Life Media nor Bhatia responded to a request for comment from WIRED.

If Bhatia did in fact hack Nerve.com and exfiltrate its database, he could be criminally charged with unauthorized access under the Computer Fraud and Abuse Act. There is also great irony in Bhatia discussing a vulnerability in Nerve.com's web site, since other emails show that he was aware that AshleyMadison.com had security problems of its own—issues that the Impact Team, which has taken credit for the company's recent hack, exploited.

“With what we inherited with Ashley[Madison.com], security was an obvious afterthought, and I didn't focus on it either,” Bhatia wrote in an email in early 2012, months before he disclosed finding the vulnerability in Nerve.com's web site. “I am pretty sure we stored passwords without any cryptography so a database leak would expose all account credentials.

In that email, Bhatia was responding to news of another hack that had recently targeted Grindr, a dating app aimed at gay and bisexual men.

Despite an awareness of ALM's own vulnerabilities, CEO Biderman saw the downfall of competitors as an opportunity to promote himself and his business. "It would be huge if we could get me on as a commentator on this," Biderman wrote after Snapchat was attacked in 2014.

In 2012, Nerve.com had a dating platform that ALM considered purchasing. Nerve's CEO was Sean Mills, who had previously been president of The Onion satirical news site and is currently head of original content for Snapchat.

From looking at the emails in the recent data dump, it's clear that ALM considered buying Nerve. The email chain indicates that ALM began considering the purchase after Rufus Grissom, a VP with Babble.com, sent Biderman an email in June 2012 suggesting it.

“Several years ago I spoke with Glenn Graff about his interest in buying Nerve on behalf of Avid Life,” Griscom wrote. “Not sure where you guys are today, but I think this could be pretty interesting for you to have a look at. Sean has created a very innovative dating platform, and leaving that aside the site has 1.4 million high value, organic uniques (about 50/50 men/women) and there is a lot brand loyalty out there.”

In April, someone else contacted Biderman, asking if he was interested in buying Nerve. He wrote back saying “They reached out to us a couple of times – not sure we are the best buyer for Nerve given what we focus on these days.”

A month later, however, Biderman and others were exchanging emails about Nerve.com and Flirts.com.

“Enclosed are the traffic and audience overviews for the second offering (Nerve.com)," Christian Kalled wrote in an email to Leonard Latchman of LDL. “As for Flirts.com, our working valuation for the URL and non-exclusive TM license is $300,000 USD.”

Latchman wrote back asking about setting up a meeting with “the insurance guys.” That email appeared in a thread in which Lachtman asked about setting up a video call, presumably with Nerve.com. Biderman sent Bhatia a separate email asking, “Should I tell them of their security hole?”

Mills, the former CEO of Nerve.com, did not respond to a request for comment from WIRED.