Subscribe
Thousands of registered email addresses believed to have been hacked from the cheating website Ashley Madison contain .mil domains, according to a Stars and Stripes analysis of the data.

Thousands of registered email addresses believed to have been hacked from the cheating website Ashley Madison contain .mil domains, according to a Stars and Stripes analysis of the data. (screenshot)

Thousands of registered email addresses believed to have been hacked from the cheating website Ashley Madison contain .mil domains, according to a Stars and Stripes analysis of the data. Defense Secretary Ash Carter said the Pentagon was looking into possible unauthorized use of official accounts.

Stars and Stripes found a full published list of the purported data released by the hacker group Impact Team. Searches on that list turned up 7,148 entries using army.mil; 3,448 using navy.mil; 616 using the Air Force’s af.mil; and, 64 using the Coast Guard’s email designation.

Hundreds of others used addresses assigned to joint commands or the Army’s newer mail.mil domain to register with Ashley Madison, whose website slogan reads, “Life is short. Have an affair.”

The Navy’s standardized addresses often include the command or ship. Anyone capable of downloading and parsing the data can, for example, see how many people aboard a specific aircraft carrier have ever registered on the site.

The data also include credit cards and home addresses associated with the site’s clients.

Even if the data are valid, as many security experts now believe it to be, some of the email addresses may not be accurate. Not all of the .mil addresses appeared to use the services’ standard formats for email addresses. Some addresses repeated, while others appeared to be alternate addresses for the same person.

Furthermore, Ashley Madison’s parent company took no steps to verify email addresses, according to the hackers.

At the Pentagon, Carter said he was aware of the reported use of official email accounts.

“Of course it’s an issue because conduct is very important,” Carter told reporters Thursday. “We expect good conduct on the part of our people. The services are looking into it.”

Army Lt. Col. Joe Sowers, a spokesman at the Pentagon, told Military.com in an email that the Defense Department does not keep service email addresses centrally located and confirmation that the addresses were correct would have to be handled by the individual services.

According to The Associated Press, the French leak monitoring firm CybelAngel said it counted some 15,000 .gov or .mil addresses in the dump.

Using a government email to register for an adultery website may seem foolish, but CybelAngel Vice President of Operations Damien Damuseau told The AP that there was a certain logic to it. Using a professional address, he said, keeps the messages out of personal accounts “where their partner might see them.”

“It’s not that dumb,” Damuseau said.

The potential data hack also raises serious questions regarding military data security. For example, when applying for security clearances, servicemembers are routinely asked questions to determine whether they are susceptible to blackmail in exchange for government secrets.

Adultery is also considered a crime under the Uniform Code of Military Justice.

How many of the people registered with Ashley Madison actually used the site to seek sex outside their marriage is an unresolved question, according to The AP report. But whatever the final number, the breach is still a humbling moment for Ashley Madison, which had made discretion a key selling point. In a television interview last year, Chief Executive Noel Biderman described the company’s servers as “kind of untouchable.”

Brian Krebs, a blogger and journalist who originally broke the news of the hack last month, said that several sources had confirmed that their data and credit card information had been included in the dump.

“I’m sure there are millions of Ashley Madison users who wish it weren’t so, but there is every indication this dump is the real deal,” Krebs wrote on his website.

Avid Life Media, Ashley Madison’s Canada-based parent company, confirmed the hack with Krebs last month. Soon afterward, the hackers called for the site to shut down after alleging that it lied about a “full delete” service for customers wishing to leave the service site.

The hackers included a message along with the data dump claiming that few of the site’s members were actually women, while placing responsibility for the data breach on Avid Life Media.

“Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”

Stars and Stripes reporter Tara Copp contributed to this report from the Pentagon.

slavin.erik@stripes.comTwitter:@eslavin_stripes

Sign Up for Daily Headlines

Sign-up to receive a daily email of today’s top military news stories from Stars and Stripes and top news outlets from around the world.

Sign up