21 OKC.Gov Emails Found In Ashley Madison Hack, 10 Active

After more than 32-million usernames and emails were stolen and released from the adult dating site Ashley Madison, the city of Oklahoma city flagged 21 OKC.gov email addresses, raising questions about how employees were using their public email accounts.

According to the city’s spokesperson Kristy Yager, 10 of the 21 accounts were still active. The others were either used by former employees, some had account names close to OKC.gov accounts, and still others appeared to be fake altogether.

“Many of the people are genuinely shocked to find out their name’s on the list,” Yager said. “We have to believe some of those employees are victims and are completely innocent.”

8/19/15 Related Story: OKC.Gov Email Addresses Among Those Leaked In Ashley Madison Hack

Yager said a few of the 10 accounts still active could be cases of identity theft, yet others may be employees that are still active on the site. News 9 received the names of all 21 accounts but will not release them.

According to the homepage, Ashley Madison boasts security and anonymity. The site offers a way for more than 39 million men and women to have discrete affairs by creating online profiles. But the site’s registration is limited. It only asks for a username, password, some personal preferences, and an email address.

During sign up, the site never asks for more verification for a user to prove their identity nor does it have strict password or username restrictions.

The city of Oklahoma City does not currently have a policy in place for employees using their official addresses for personal use. Yager said Wednesday, the city’s information technology is working on a policy that could result in termination of employees. On Thursday, Yager said the department was still drafting a new policy but did not mention whether it could include firing employees who violate the new terms.

“Since there’s no policy in place, if they’re actually active on the site, there’s nothing we can do,” Yager said.

She added any employee involved in the Ashley Madison hack would not be affected by the new policy retroactively, but the 10 active account holders have been contacted by the city to remove their addresses from the site.