Ashley Madison
A password-cracking team has cracked over 11 million passwords, and has shared the top 100 choices selected by the website's users. Many of the "top" choices look like others that users selected during other high-profile data breaches during the past decade, and many websites continue to allow such insecure passwords.
CynoSure Prime was the hobbyist password-cracking team. It announced that it cracked millions of encrypted passwords over a timeframe of 10 days, from the data hacked and leaked from Ashley Madison.
The hacking team's password-cracking success is quite remarkable. That is because the user accounts were encrypted using bcrypt, which is an extremely slow and tough algorithm.
Security experts project that cracking each of the 36 million passwords extracted would take centuries. However, CynoSure Prime found programming errors. That made it easier and quicker to crack more than 15 million passwords.
All of the 11.7 million passwords cracked were due to their weakness. The other 3.7 million good passwords included long, random strings containing upper case and lower case letters, numbers, and symbols, and have not been decrypted yet, according to ArsTechnica.
Cross-referencing the passwords showed another issue. Only 39 percent of the11.7 million passwords were unique.
The most popular password was "123456" with 120,511 users choosing it. Rounding out the top 5 most common passwords were "12345," "password," "DEFAULT," and "123456789."
It is highly likely that the password "DEFAULT" is actually from fake accounts that the company created, according to Tech Times. There are rumors that many of the accounts were fake sign-ups , and DEFAULT could have been used for the phony user of the cheaters website.
