On September 6, we published the 10 worst for the first time codeof access from the hack to the Ashley Madison page.
A month after the Ashley Madison breach was announced, hackers released the first batch of stolen data. Email addresses, passwords, and transactions that had been made with credit card, have been leaked since August 18th. A few days later, more data surfaced, including: internal emails with the website's parent company, Avid Media Life;
The tens of millions of passwords, leaked from Ashley Madison's page, were encrypted, with bcrypt. Robert Graham security researcher at Errata Security, Reported on their blog, that the event was a “refreshing change.” This means that users with strong passwords are "safe."
But we can not say the same about weak passwords.
The specialist in issues security Dean Pierce Reported how he managed to break the encryption of weak passwords with "cracking rig."
The results should not surprise us. Using weak passwords on the site was terrible.
Pierce spent five days running an automated "break" of passwords, and stopped about 0,0006 percent of all data leaked. However, this means 4.000 decrypted passwords.
The most common password was the known "123456", while the so-called "Password"Was ranked second. (You can download the full list from Google Drive, by Pierce.)
It is worth noting that in the case of Ashley Madison, it is not clear at what point in time the data with the passwords leaked. It is likely that the website allowed weak passwords in the first days of its operation, and later required stronger when signing up for the site. .
"It may also be impossible to break any bcrypt password, but given that many users are using weak codes, it does not matter if the passwords are bcrypted and salted. Some will break. "
See 100's worst passwords from Ashley Madison's hack
| Passwords | Times Used |
|---|---|
| 123456 | 120,511 |
| 12345 | 48,452 |
| Password | 39,448 |
| default | 34,275 |
| 123456789 | 26,620 |
| QWERTY | 20,778 |
| 12345678 | 14,172 |
| abc123 | 10,869 |
| p *** y | 10,683 |
| 1234567 | 9,468 |
| 696969 | 8.801 |
| ashley | 8,793 |
| f ** kme | 7,893 |
| Football | 7,872 |
| baseball | 7,710 |
| f ** kyou | 7458 |
| 111111 | 7,048 |
| 1234567890 | 6,572 |
| ashleymadison | 6,213 |
| password1 | 5,959 |
| madison | 5,219 |
| and ** sticks | 5,052 |
| superman | 5,023 |
| mustang | 4,865 |
| harley | 4,815 |
| 654321 | 4,729 |
| 123123 | 4,612 |
| Hello | 4,425 |
| monkey | 4,296 |
| 000000 | 4,240 |
| hockey | 4,191 |
| letmein | 4,140 |
| 11111 | 4,077 |
| Friendly | 3,936 |
| cheater | 3,908 |
| kazuga | 3,871 |
| hunter | 3,869 |
| shadow | 3,831 |
| michael | 3,743 |
| 121212 | 3,713 |
| 666666 | 3,704 |
| I love you | 3,671 |
| qwertyuiop | 3,599 |
| secret | 3,522 |
| buster | 3,402 |
| Horny | 3,389 |
| Jordan | 3,368 |
| hosts | 3,295 |
| zxcvbnm | 3,280 |
| Asdfghjkl | 3,174 |
| a | 3,156 |
| golden dragon | 3,152 |
| 987654 | 3,123 |
| liverpool | 3,087 |
| bigd ** k | 3,058 |
| sunshine | 3,058 |
| Yankees | 2,995 |
| asdfg | 2,981 |
| freedom | 2,963 |
| Batman | 2,935 |
| whatever | 2,882 |
| charlie | 2,860 |
| f ** koff | 2,794 |
| money | 2,686 |
| pepper | 2,656 |
| jessica | 2,648 |
| but I do not understand what you wrote | 2,617 |
| 1qaz2wsx | 2,609 |
| 987654321 | 2,606 |
| andrew | 2,549 |
| qazwsx | 2,526 |
| dallas | 2,516 |
| 55555 | 2,501 |
| 131313 | 2,498 |
| abcd1234 | 2,489 |
| anthony | 2,487 |
| steelers | 2,470 |
| asdfgh | 2,468 |
| jennifer | 2,442 |
| killer | 2,407 |
| cowboys | 2,403 |
| master | 2,395 |
| jordan23 | 2,390 |
| robert | 2,372 |
| maggie | 2,357 |
| looking | 2,333 |
| Thomas | 2,331 |
| George | 2,330 |
| matthew | 2,298 |
| 7777777 | 2,294 |
| amanda | 2,273 |
| summer | 2,263 |
| qwert | 2,263 |
| princess | 2,258 |
| creak | 2,252 |
| william | 2,245 |
| corvette | 2,237 |
| jackson | 2,227 |
| tigger | 2,224 |
| computer | 2,212 |
