Ashley Madison leak news: Passwords cracked
Days after data from AshleyMadison.com was first revealed, the company said encrypted passwords are almost impossible to be decoded because of the site's way of how they were scrambled, and several weeks later, a cracking group has claimed that it was able to crack millions of passwords.
According to The Washington Post, the decoding team known as CynoSure Prime said it has already cracked more than 11 million passwords due to the programming errors found in the system. The crackers also said the system's encryption made it a lot easier to infiltrate the passwords that were originally thought to be secure.
The group said it was able to uncover two functions in the site code that proved to be unsecure as the team was "able to gain enormous boosts in cracking the bcrypt hashed passwords."
Get Our Latest News for FREE
The decoded passwords could only mean that many of those who found refuge in the infidelity site had very poor digital security practices, according to the experts.
Ars Technica said the top password uncovered so far is :123456. Other passwords that garnered spots on the top 5 aren't really far from the top 1: 12345, password, DEFAULT, and 123456789.
The cracking group has clarified that it will not be sharing the other decoded passwords but it detailed the method that was used to get the passwords cracked. The decoded passwords are also a clear indication that those who have reused their Ashley Madison password could see other accounts hacked, as well.
The Impact Team breached the Ashley Madison website first and revealed information, including the login names and passwords, as well as emails of more than 30 million site users.
Several suicides have been linked to the site's breach, including the death of Texas police chief Captain Michael Gorhum, and just recently, that of pastor and seminary professor John Gibson.
Noel Biderman, CEO of Avid Life Media, Ashley Madison's parent company, has stepped down from his post, almost two weeks after the hack.
