When a number of data from the Ashley Madison website hack leaked online, the only positive thing the website got out of it was that according to researchers, ?the company appeared to use a strong algorithm to encrypt users? passwords.? But recently, another group shared that it has incredibly decoded a whopping 11 million passwords due to the programming errors on how the encryption was applied made the information less secure ?than originally thought,? posted by the Star.
After hacker of the Ashley Madison website publicly shared overwhelmingly large numbers of documents, emails, and data, Cynosure Prime, a group of decoders, was able to sift through the source code and had deciphered over 11.2 million passwords from the company in a short 10 days. The error made by the security team of the hacked company allowed Cynosure Prime to crack the passwords a million times faster, according to the Next Web.
?The majority of passwords that we have cracked so far appear to be quite simple, either being lowercase with numbers or just lowercase,? Cynosure Prime shared in their blog. ?Passwords containing purely numbers also appear to be relatively popular,? they added.
Check out some of the passwords obtained by Cynosure Prime from their blog.
Those that think adding a few more words to the word password make it harder to crack:
Those that are having doubts about using the site:
Those that are in denial:
Those who think this is a dating site:
Those who trusted Ashley Madison:
According to Ars Technica, the top password that was uncovered so far was surprisingly simple: 123456. Other passwords that were uncovered include a more careless 12345, password, DEFAULT, and 123456789. It should be of no surprise to us that these awful passwords are the most common because from some surveys, they say that ?123456? ?has been the most popular password uncovered in data breaches during the past two years, according to the Star.
Cynosure Prime decided not to release the passwords, from the users themselves, which they?ve decoded in order to protect end users. Fortunately, they shared detailed steps on how to replicate the passcode recovery, shared by the Next Web.