Tuesday, August 18, 2015

Ashley Madison Hackers Publish Data, Shows Lots Of Government/Military E-Mail Accounts

Last month, a group calling itself Impact Team leaked data it claimed it hacked from Avid Life Media, a company that operates several online adult playground sites, including Ashley Madison, Cougar Life and Established Men. The hackers claimed to have accessed the identity of the website's customers, including financial, personal and profile information. On Tuesday, the group uploaded 35GB of data to the Internet. Among the records were over 15,000 customer accounts using either a .gov or .mil e-mail address.

A full list of the accounts using either a government or military e-mail address can be accessed here. Advance Indiana found eight customers had used indy.gov e-mail addresses, the e-mail domain address used by Indianapolis city workers. There were six customers identified as using bloomington.in.gov, the e-mail domain address used by Bloomington city workers. Four accounts used monticelloin.gov, the e-mail address used by Monticello city workers. Carmel employees' e-mail address, carmel.in.gov., showed up on two accounts. There was a single account using in.gov, which is used by Indiana state workers.

Whitehouse.gov showed up on 44 accounts. There were 104 accounts with va.gov e-mail address used by Virginia state workers and 73 accounts using the ky.gov e-mail address used by Kentucky state workers. The State Department's e-mail address, state.gov, showed up on 33 accounts. It should be pointed out that Avid Life did not require users to verify e-mail addresses so the reliability of some of the data may be in doubt.

UPDATE: Specific e-mail accounts have been uploaded to the Internet here. It includes specific government e-mail addresses of Internet users at Bloomington, Franklin, Greenwood, South Bend, Terre Haute, Indianapolis and agencies of state government, including the Attorney General, Department of Correction and the Teacher's Retirement Fund, among others. I can't verify their authenticity.

12 comments:

Anonymous said...

you missed several Indiana Government, City, County, and State accounts.

Gary R. Welsh said...

It's not an exhaustive list. It's just what I gathered from a quick perusal of a very lengthy list of addresses.

LamLawIndy said...

Looks like it's just a list of domain names & not a list of email addresses. No way to verify the numbers!

Gary R. Welsh said...

The company has verified all of its information was hacked--including credit card transactions of specific customers.

Anonymous said...

Always interested in Indiana statistics and demographics. I wonder how many, exactly, members are residents of Indiana. And how many identify as conservative, or Christian. I try not to moralize. But Ashley Madison is a site specifically catering to married people seeking adultery, which is a sin. I think we should know who these people are. Don't we regularly identify such behavior in the press as hypocritical? Aren't careers regularly damaged by such information coming to light. I can think of dozens of political careers ruined by little else. So I celebrate the disclosure of this information and look forward to the rest of it coming out. Who are these people? I know the first cursory examination has been of people joining using government email servers. But now the list is becoming publicly available, I join the ranks of curious people who want to know if my married church brethren are actively seeking out adulterous relationships online. Sin is sin.

Gary R. Welsh said...

I've not made attempts to get the data on specific users. Some who have attempted this have had problems with their computers crashing. Others appear to have been successful and have started calling out specific government users. I've not seen any from Indiana specifically identified, but there are government officials in other states who have been identified with having accounts with the website. It is important to remind people that just because someone's e-mail account appears in the leaked information does not mean they were actually an account holder because of the issue with e-mail verification I noted in my blog post.

Anonymous said...

I just read on Vox that the hack includes photos, so fully accessing the Indiana files should pull up their photographs. If, for example, you're trying to find out if some politico like Brian Bosma has an Ashley Madison profile under an assumed identifier, shouldn't be too hard to recognize his profile pic out of a line up, and whether his email checks out or not seems superfluous. Although, sometimes checking a person's email is no more difficult that just sending them a phish and seeing if they respond, right? So I think the photo component of the hack is the most compelling.

Anonymous said...

The stolen database of 32 million people who used cheating website Ashley Madison has made its way to the Web. And it's easily searchable on several websites. Just plug in a name or email address, and you'll find out if someone who signed up for the service. Not here linking to these sites directly, but they can be found via regular Web searches – if you know exactly what to look for. Now anyone can check if his or her spouse was cheating – just by filling out a form.
Someone has even created a custom Google Map that displays some of AshleyMadison.com users' addresses registered with the website. Many of the cheaters exposed in this hack serve in the U.S. military, evident because they used email addresses that end in the .mil domain. Adultery does, in fact, violate Uniform Code of Military Justice. It's a prosecutable offense that can land you a year in confinement and a dishonorable discharge.

Anonymous said...

Ok, so the emails are people who REGISTERED to be a member of this, eh-hem, 'service'?

If someone is so flippin' stupid to register using a company or government email address they should be fired. To stupid for their own good and too stupid to work for me privately or publicly.

MikeC said...

Most of the email addresses are fake or created solely for these sites.

MikeC said...

Where can I see the list of email addresses? I want to see if I am on it. I don't recall registering on that site...just want to make sure.

Anonymous said...

Gawker has found TWO paid Ashley Madison accounts for Josh Duggar among the millions of user profiles released today by hackers.