One Of The Reason For Ashley Madison hack – Weak Passwords

Trending hacking news that rolling last 2 months was about Ashley Madison hack.Ashley Madison is the one of the popular adult dating website which got hacked by a group of hackers called The Impact Team on July 2015.And millions of accounts were compromised and most people became members of cheating spouse gang.

When data from the massive Ashley Madison hack first leaked online, one tiny bright spot was that researchers said the company appeared to use a strong algorithm to encrypt users’ passwords. But now a group of anonymous crackers now claim that they were able to decipher 11 million passwords  because programming errors in how that encryption was applied left the information less secure than originally thought.

Crackers from CynoSure Prime explained that the strong encryption algorithm the site used to hide user passwords since 2012 wasn’t applied to older passwords which account for about 11 million of 36 million passwords.The flaw allowed the 16-man team to crack open considerably more passwords than cyber security experts managed to do.  Ashley Madison security team used a method that requires a hacker to run 4,096 attempts of hashing for every password before finding a match to it and crack it. With this encryption method, cracking a single password is a slow and painful process with little odds of success.But the CynoSure Prime team found a back door. They identified a variable of the MD5 hash in the code prior to June 2012 when bcrypt was first implemented. That variable used the text version of a user password when generating the encryption code. The flaw allowed crackers to crack 11 million passwords in no time.

Moreover, CynoSure Prime also proved that you do not need expert cracking skills to break into Ashley Madison accounts since users themselves were low on imagination when trying to build a strong password.Crackers reported that Ashley Madison users’ favorite password was ‘123456’ with more than 120,000 users using it, followed by ‘12345,’ ‘password,’ ‘DEFAULT,’ and ‘123456789.’ Other passwords included ‘ashleymadison,’ ‘madison,’ ‘pussy,’ ‘hello,’ ‘monkey,’ ‘cheater,’ ‘superman,’ and ‘iloveyou.’The amzing fact is that ‘123456’ still ranks as the public’s all time favorite password. Moreover, countless data breaches in recent years were reported by users who used this incredibly simple password.

Security experts caution that predictable passwords expose your online accounts to cyber crime like no cracker does. Additionally, it is not recommended to use the same password to multiple accounts. Just think about it. If a cracker learns your master password he or she has access to all your online data and personal files.

Check out weak passwords used by number of users in the list below :