Industry News

The Ashley Madison mystery: why would you use your work email address?

The Ashley Madison hack, and leak of its user database, continues to enrapture the public, and delight online news editors keen to fill their webpages with salacious content.

Many choose to ignore the very real harm and human cost that could result from information which should have remained private, and ask what are – to be fair – quite reasonable questions.

Like, why on earth would you use your work email address to sign up for a site like Ashley Madison?


Let’s ignore for a moment that the Ashley Madison site didn’t bother to verify email addresses – adding further weight to the argument that if someone appears to have an account, not only is it not proof that they have not had an affair, but it’s not even a certainty that they ever even visited the site.

And let’s draw a veil over the (admittedly fascinating) revelation that the leaked data appears to show that almost none of the women in the Ashley Madison database ever used the site, suggesting that men were largely paying money to converse with automated bots.

Assuming that you were really using a site like Ashley Madison, and that you were really talking to other people (rather than fembots) who wanted to have an affair with you, why would you give a site like that the email address you use for work ?

Because it seems plausible that at least some of those accounts which had the email addresses of, bankers, the US miltary, or politicians and government workers might be real.

It’s a question I’ve been asked time and time again over the last week, and I think there’s one very simple answer.

People are more afraid of their spouse finding out about their membership of an dating or porn site than they are about their system administrator.


Source: Twitter

A suspicious partner might have plenty of opportunities to access your webmail account at home (maybe you rarely log out on a shared computer), or may see you furtively hiding browser windows on your desktop as they enter the room.

An IT team at work, however, probably has much more serious things to worry about – such as stopping hackers from breaking into the company servers, and blocking malware attacks – than worrying about if you receive the occasional notification in your inbox about a saucy message waiting for you on Ashley Madison.

None of this, of course, is to suggest that you should sign up your work account for all manner of sites and communications of which your company would disapprove. It’s your company’s computer, not yours, and you should respect their guidelines about acceptable usage.

But for your own privacy, and to protect the good name of your employers, if you don’t want to take your dirty laundry home with you, perhaps it would be wiser to use a burner email account with a non-identifying name next time you want to sign up for a site like Ashley Madison.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.


Click here to post a comment
  • This is just an example why privacy rights are important.

    How many affairs actually took place?
    Assuming that the demographics of 95% male to 5% female are correct, as some have claimed, its not likely ANY affairs took place. They straight up got scammed under a false pretense when they joined, they were scammed for a month or so while paying membership, and they were scammed again when they left and paid the ‘cancellation fee’. Considering how long those records were being kept, and bearing in consideration they pointed out that this secret is worth paying an exit fee as someone could blackmail them, they definitely were aware that keeping the data was in bad faith.

    So who’s pictures were used on the 18million fake female profiles? And how did 18 million suckers not notice that the 18 female profiles were all unusually inactive? Why would they be sending dick pics to inactive accounts?

    Seems only the richest and highest profile customers were hooked up with golddiggers.

    But anyway, this is why privacy rights are important. Ironic how this breach of privacy truly shows the disastrous consequences of having your data collected and collated and ending up in the wrong hands – and the idiot general public laugh it off as they feel ‘morally superior’ to the AM customer base.

    Why did they use work email addresses? Because this, like every other American and Canadian customer, operate on the same credit card and professional business model.

    I have different passwords everywhere, specific emails for different sites and I’m called paranoid. Teamviewer was a marvelous convenience, but it got all those East German governments got hacked. I think the “cloud” model is convenient, but is a massive risk. ALL your data is on their servers, so what difference would an email make?

    Its how its used against you. Ashley Madison was never supposed to get “hacked”. But then again, one’s cloud server could get “hacked” at any time. ones fakebook or google can also “just” get hacked.
    Maybe there needs to be a transparent monitoring of traffic by a REPUTABLE organisation, but that is another story?
    This data collation should not be treated like a minor thing. Make a law preventing a company from forcing a “collection of data to improve our services” nonsense. Make a law preventing people from “checkboxing” a so called legal contract where fakebook can listen in to your phone “to identify the song you are listening to” and provide a ‘service’ If the customer doesn’t understand the implications, then the contract is not binding and null and void, and that then would classify it as spying on the user. — that kind of thing maybe?

    What use are all these revelations by Binney and Snowden. Binney says everything is monitored. So surely with all this going on, they could rebuild the TOR from logs- after all if this wasn’t public knowledge (and AM actually was hacked by Chinese), then 15000 military, plus govt plus corporate etc are able to be co-erced into anti=USA stuff..
    But no…

  • nice articles..using a work email address is by far more safer than giving your personal email address..simply means..that the cheater would have totall privacy of his/her affairs..

  • Although the question is why would anyone do something as stupid as using work emailis highly rhetorical, the real answer is not.

    People do stupid things – like using their work email for questionable activities – because our educational system is geared to teaching us not to think but rather to remember.

    The second part is the youth using the devices is more comfortable using them than the instructors, and ‘internet awareness’ is not taught.

    So Graham, your question is rhetorical the answer is complex. My follow up question is: “Is it better to know the names of the generals in the revolutionary war or better to know how to organize and manage your internet identity?”

  • Some companies would fire you for visiting it alone but probably more would fire you for using your work email for such a thing. Can’t say I would blame them – in fact, I would encourage it; their employees are there to – funnily enough – work, not for dating and certainly not dating in questionable manners. If you’re doing something else, are you doing your job? Why not? Your job is first and foremost perhaps besides emergencies, while at your job (and if you have access to the email at home then it is for work, surely?), isn’t it?

  • Some of these sign-ups look very old (remember that AM was founded in 2001). Although these days there is a somewhat greater awareness with users about what is and isn’t appropriate for a work email account (and free webmail these days is everywhere so why bother), a decade or more ago attitudes and understandings were different.

    @Coyote: whether or not a corporation would fire someone for using a dating site is down to those policies. Many corporations allow personal use of the internet outside of working hours (e.g. lunchtime) subject to certain policies. AM is categorised as a “Dating” site, so it depends on the corporation policies for that sort of site. Given everything we know about AM know, you might want to block it.. but remember until a few weeks ago this was just another site on the world wide web..

  • Work and personal should be segregated from each other.

    I can’t fathom why people use their work email for anything non-work related.

    The way I see it, it’s a resource provided for, work.purposes…

    Even for less sinister things like mailing lists, eBay, etc… when you leave, it’ll be a hassle updating addresses.

    Avoid the conflict/troubles and set up a GmIl, Hotmail, Yahoo, etc…