Five postal inspector email addresses found in Ashley Madison database

On Thursday we told you that fifty-two @usps.gov email addresses had been found in the Ashley Madison registration database after hackers made the information available online. Since then, we’ve been able to review the actual addresses and found a number of duplicates in the list, dropping the number of unique addresses to less than 40.

The bad news is that along with the @usps.gov emails appearing on the list, we also found five @uspis.gov email addresses. That’s the domain used by the postal service’s law enforcement arm, the US Postal Inspection Service.

Aside from the ethical issues raised by a law enforcement officer accessing the site, there’s also the danger that an inspector, possibly with a high level security clearance, might run the risk of blackmail. While a regular postal employee found to have accessed the site can probably expect a discussion, and possibly the loss of internet access, things are likely to be more serious for a Postal Inspector found to have misused his official email account.

We won’t be releasing any of the email addresses here, since we have no way of knowing for sure how reliable the information is, since the email addresses don’t appear to have been verified by the site: search on “whitehouse.gov”, for example, and you’ll find both “barackobama@whitehouse.gov” and “georgebush@whitehouse.gov”, along with numerous variations. It’s entirely possible that some of the email addresses were registered maliciously by third parties.

Presumably, the Inspection Service and the OIG will be investigating, and reviewing logs of internet activity to determine whether there was any actual wrongdoing. (For what its worth, we didn’t find any OIG email addresses in the listings we’ve seen).

  • Inspector Goofball,OIG

    Never mind,we were just investigating some managers.

  • Gary Sharkey

    Who watches the watchers?????

  • Guest

    This article is not really correct. In the AM dump is a considerable amount of corresponding data on the ‘customers’ like their names, addresses, some credit card data, along with their profiles.

    “we have no way of knowing for sure how reliable the information is”…I’d think it’s pretty accurate considering that you can tie the email address to someone’s personal information. There are a ton of fake accounts but there’s also a ton of very real, easily verifiable accounts.It’s one thing to have your email in the list but if you have your email AND a profile along with a paid account….well you done messed up son.

  • Tony

    Maybe we should not jump to conclusions here! At one time or another the job may have necessitated the sharing of ID’s and Passwords in order to facilitate information gathering! I would first look at where and what agency supplies the ID’s and Passwords! It won’t be the first time Federal information has been hacked and it won’t be the last!

  • postalnews

    What is “not really correct”? You say that you think the information is accurate, but in the next breath you say “There are a ton of fake accounts”!

    Which is it??

  • Bob

    They need to see if the postal inspectors used USPS credit cards to register! It would not surprise me.

  • Guest

    It doesn’t have to be one or the other. It can be both.

    The fake accounts don’t have the associated information the real ones do so they are easy to pick out. The paid accounts however have much more, and easily confirmed, data to go along with them.

    I get that you don’t want to position yourself so that you could get sued and that’s why you add a qualifier like “no way of knowing for sure”. If you are looking at the dump then you know that it’s definitely legit. A couple of those postal account creators are likely in trouble. But then again there’s an avalanche of people that will be caught up in this.

  • postalnews

    No, I said there’s “no way of knowing for sure” because that happens to be the case. As many people have pointed out, the email addresses were apparently not verified. The “easily confirmed” data is also easily acquired- date of birth, address, etc. There may be valid credit card numbers attached to the accounts, but you and I have no way of knowing whether they actually belong to the owner of the email address.

    We’re also not talking about data that comes from a reputable source, obviously. I don’t know exactly who extracted the .gov email address listing. It could be a total hoax.

    It’s not likely to be a complete hoax, of course. But do I know for sure that ANY of the email addresses were actually used by their owners to register for the “service”? No. And neither do you.

    The Inspection Service and the OIG, however, would presumably have access to logs and email archives that might prove one way or another whether an individual actually used his or her official email account to sign up.

    Publishing unverified data that might harm an individual is wrong.