Some Ashley Madison users have something in common with many internet users when it came to their security passwords. 4,000 of the underlying plaintext passwords from the leak have been deciphered and you could probably guess some of the passwords that were used. Hint: we mentioned one three times in the first two sentences.
123456, password, 12345, qwerty, ashley, abc123 and 111111 were among some of the 4,000 passwords that were uncovered, according to a list provided by Arstechnica. They weren’t very intricate and hardly clever like the 696969 password that also made the list.
“The long-and-short of his project is that after five days of nonstop automated guessing using a moderately fast server specifically designed to carry out compute-intensive cryptographic operations, he deciphered just 4,000 of the underlying plaintext passwords,” said Arstechnica, explaining security expert Dean Pierce’s breakdown of the passwords.
“Not surprisingly, the passwords Pierce extracted from just the first 6 million entries in the Ashley Madison table look as weak as those from just about any data breach.”
Even more astounding is the multiple number of users who might have all had the same passwords. The report states that the amount of users with these passwords could belong to millions.
“Depending on how the list was organized, that may mean they belong to the earliest six million accounts created during the site’s 14 years in operation,” according to the report.
“Passwords from the last million entries—which might have been created in the last few years—could be stronger.”
There is quite a lot to learn from this password list as well as others that have been uncovered from other hacks throughout the years. Password strength still doesn’t seem to hold merit to those who create accounts for various websites. This makes it very easier for accounts to get hacked as attackers could simply cross check passwords from old lists with a users and crack the code.
Read the full story.