# >170 CAF and DND addresses in Ashley Madison



## McG (19 Aug 2015)

http://www.ctvnews.ca/business/canadian-public-servants-email-addresses-on-hacked-ashley-madison-list-1.2523363

I guess somebodies will be hearing from the DWAN acceptable use police soon.


----------



## Jarnhamar (19 Aug 2015)

I expect a CDS statement shortly.


----------



## PuckChaser (19 Aug 2015)

You can use any email address you want, as it doesn't send verification emails. I believe I saw somewhere that Tony Blair's UK PM email address was registered... However, its highly unlikely someone randomly used john.smith5@forces.gc.ca without actually being that dude.


----------



## Tibbson (19 Aug 2015)

PuckChaser said:
			
		

> You can use any email address you want, as it doesn't send verification emails. I believe I saw somewhere that Tony Blair's UK PM email address was registered... However, its highly unlikely someone randomly used john.smith5@forces.gc.ca without actually being that dude.



I wouldn't say that.  I'm sure there were some dumb enough to use it but at the same time we often get warnings about people spaming DND email addresses or using them for other nefarious purposes without the actual CAF member knowing.


----------



## PuckChaser (19 Aug 2015)

In case anyone wanted to look up the email address, here they are (all gc.ca):

http://pastebin.com/s1TKUqrG


----------



## Remius (19 Aug 2015)

I recognize 3-4 names on there.  None are surprises.

 :facepalm:


----------



## Humphrey Bogart (19 Aug 2015)

Honestly we probably shouldn't be sharing this on this website as this is pretty much a form of cyber warfare  :2c:


----------



## cavalryman (19 Aug 2015)

:facepalm: If you're going to indulge in extra curricular hanky panky, using your work email addy isn't exactly a sign of better than room temperature intelligence.  :facepalm:


----------



## ModlrMike (19 Aug 2015)

cavalryman said:
			
		

> :facepalm: If you're going to indulge in extra curricular hanky panky, using your work email addy isn't exactly a sign of better than room temperature intelligence.  :facepalm:



But it may not be them using it. Once your email address is out there in the wild, anyone can spoof it, particularly when the site doesn't verify the source.

How many people do you know who attache their DWAN email address to all of their outgoing correspondence? Some even post it on their social media profiles.


----------



## dimsum (19 Aug 2015)

ModlrMike said:
			
		

> But it may not be them using it. Once your email address is out there in the wild, anyone can spoof it, particularly when the site doesn't verify the source*.
> 
> How many people do you know who attache their DWAN email address to all of their outgoing correspondence? Some* even post it on their social media profiles.



Exactly.  Hell, it's in our freaking sig blocks.  

Also, there are some on there that seem dubious (ie. only last name).  I'm fairly certain that no DWAN addresses are like that.


----------



## Humphrey Bogart (19 Aug 2015)

Yep, as far as I am concerned, this is a non-issue unless of course the member has been looking at the site at work, in which case that info will be easily verifiable now that the authorities will want to take a look at the members browsing history.


----------



## cavalryman (19 Aug 2015)

ModlrMike said:
			
		

> Some even post it on their social media profiles.


That's probably not a whole lot smarter, but I've witnessed enough stupidity when it comes to exposing one's life on the internet that I really shouldn't be surprised.


----------



## Remius (19 Aug 2015)

Dimsum said:
			
		

> Exactly.  Hell, it's in our freaking sig blocks.
> 
> Also, there are some on there that seem dubious (ie. only last name).  I'm fairly certain that no DWAN addresses are like that.



While that might be true, my understanding is that they also posted credit card info and other things.  If one dug enough and cross referenced that....


----------



## rmc_wannabe (20 Aug 2015)

:facepalm: 

I just.....can't  even.

Lack of user education is one thing, but this is textbook stupidity.


----------



## Jarnhamar (20 Aug 2015)

Say,  how does someone access all the email addresses that were exposed?


----------



## PuckChaser (20 Aug 2015)

Like how the hackers did it, or how to find the leak online?


----------



## Humphrey Bogart (20 Aug 2015)

Jarnhamar said:
			
		

> Say,  how does someone access all the email addresses that were exposed?



Hackers gain access to the Ashley Madison server through som backdoor or by hacking into an administrators account, they then access a database et voila, all info is theirs  

Anything that is connected to the web exists on a server somewhere, someplace i.e. A hard drive of a server somewhere.  The website is basically a gateway to that server.


----------



## Jarnhamar (20 Aug 2015)

Neat. 
How can I look at the list of emails to leave people awkward Facebook posts on their wall? 

I've been looking for a way to pay back all those game invites.


----------



## Pusser (20 Aug 2015)

Dimsum said:
			
		

> Also, there are some on there that seem dubious (ie. only last name).  I'm fairly certain that no DWAN addresses are like that.



Original DWAN addresses were last name and initials.  We changed to first and last names at least 5-7 years ago.  This would indicate that many of addresses given are quite old.


----------



## Remius (20 Aug 2015)

Pusser said:
			
		

> Original DWAN addresses were last name and initials.  We changed to first and last names at least 5-7 years ago.  This would indicate that many of addresses given are quite old.



True but until recently I believe you could still use those initial/name to reach people at their address.


----------



## George Wallace (20 Aug 2015)

Dimsum said:
			
		

> Exactly.  Hell, it's in our freaking sig blocks.
> 
> Also, there are some on there that seem dubious (ie. only last name).  I'm fairly certain that no DWAN addresses are like that.



The DWAN email addresses were changed from LAST NAME.INITIALS(.NUMBER if necessary) to the current style approx five years ago; so this would indicate that the persons may have been on the site quite some time ago, and perhaps may have even retired.  Even some of the government addresses have changed, indicating timeframes in which they may have been used.

As mentioned, they may even be spoofed addresses.  Another possibility, and we all know someone who has done this, someone walked away from their work station and did not lock their computer, allowing a colleague to play a practical joke on them.... >

Only an investigation by the various Departments IM and Security officials will be able to clarify exactly what went on.


----------



## GAP (20 Aug 2015)

It would some are fairly persistant, setting up accounts numerous times.......


----------

