The infamous Ashley Madison breach makes further headlines, this time revealing weak and unimaginative passwords used to access Ashley Madison accounts.
The recent breach of extramarital affairs website Ashley Madison has resulted in millions of account details including personal information being dumped online. Multiple times.
In the aftermath of the online dump, a password cracking group discovered that programming errors by Ashley Madison meant that they were able to decipher over 11 million ‘unbreakable’ passwords in a week’s time.
Despite its many vulnerabilities leading to the breach, Ashley Madison did embrace robust encryption for its user passwords using the ‘bcrypt’ algorithm.
Related article: Online Dating Site Ashley Madison Hacked
However, a new report issued by security firm Avast notes that many of Ashley Madison users’ passwords are among the weakest and most common passwords used to secure their adulterous dating accounts. A weak password, even encrypted – is still weak.
The Weakest Passwords Used by Ashley Madison Users
Using password cracking utility ‘hashcat’ for the first million passwords, Avast has cracked 26,393 hashes so far, out of which 1,064 were unique passwords.
Avast posted a list of the top 20 passwords cracked from the data it has accessed so far. They are:
For comparison, the top 20 most common passwords from the 500-worst list are:
It’s important to note that the password list derived from the first million Ashley Madison accounts that are likely to have been created during the initial years of the website, back in 2001.
The later batches of cracked passwords will make for interest insight to see if Internet users have gotten better in creating more secure passwords.