The Australian public service has weighed in on the Ashley Madison hack, warning government staff not to register with their work e-mails or use office 'net connections.
At the same time, however, the Australian Public Service Commission (APSC) has cast doubt on the veracity of at least some of the e-mails published in the hack.
Refreshingly, the APSC has declined to play moral campaigner. The article makes no suggestion that merely using a site like Ashley Madison - if indeed a profile was real - puts someone at risk of dismissal, only that office connections aren't the place for it.
In a staff newsletter, the APSC says “While most public servants can use their work email for some personal purposes, this usage must be consistent with the Code of Conduct and the policies that individual agencies have developed. Usage of a public service email account for this type of site is inappropriate.”
The APSC has also poured cold water on some of the more breathless and uncritical media reports, in which various local outlets assumed a .gov.au e-mail address represented a real profile (there were 700 such addresses, some obviously faked).
“It is clear that some of those reports have exaggerated the number of Australian Public Service employees involved in this activity,” the APSC notes. “It is also likely that a number of the email addresses supplied to the website were fake”.
Just how many fake IDs are in the dump files is probably impossible to accurately assess. Apart from evidence that many or most of the profiles identified as female were faked, there was ample opportunity for whatever data was lifted from Ashley Madison's servers to be augmented with data already traded between various black hats. ®