At least 17 signups using @mi.gov email addresses have surfaced as accounts in the recently hacked infidelity site ashleymadison[dot]com including two State Police officers according to DeadlineDetroit.

Why anyone would use a work email address to sign up for anything let alone a hookup service that encourages cheating on partners boggles the mind. Particularly when it is a snap to create a free gmail, yahoo or other free account.

"Whatever you do on the internet is forever," I have long advised and this hack promises to unfold with continual celebrity outings, extortions and and even national security compromises. Regarding the latter, over 15,000 .mil accounts [.mil is used by US armed forces] have been exposed according to KrebsOnSecurity.com making those parties vulnerable to extortion for secrets.

Krebs is also reporting that extortions have already begun. Some are sophisticated 'spear-phishing' attacks where the target is sent an blackmail threat with an attachment containing the 'full details'. Opening the attachment is loading ransom-ware on the target's computer, locking down all data, that can only be recovered by paying a ransom in bitcoin.

I have been following this hack since it surfaced a month ago when the hactivist group 'Impact Team' announced it had the full information of 37 million A/M accounts including addresses, pictures, sexual preferences, transactions and more.

At the time Impact team demanded the A/M shut down completely or they would release the data on the Dark net and other dumping points. In particular they were furious at A/M's sleezy near-extortion practice of charging members $20 to close and erase their accounts, a promise not kept as the data remained behind as Impact Team discovered.

When A/M failed to do so after 30 days Impact Team dumped the data earlier this week and the hornet's nest is open.

A couple of points.

1-A/M did not validate email addresses for accounts. For instance when someone signs up for DetroitYES, a validation email is sent to the email address supplied with an activation link. This is to prove that the email address used is actually a real address. Therefore it is possible for someone to use another person's email address for A/M, but the accompanying information along with the items added to one's profile would probably show who is who.

2-A good place to check to see if your email address and its password has been breached in any of the internet's mega hacks, is Have I Been Pwned?

What a world.