On September 6th we first published the 10 worst passwords from the hack of Ashley Madison's site.
A month after the breach of the Ashley Madison website was disclosed, the hackers released the first package of stolen data. Email addresses, passwords, and credit card transactions were leaked from August 18. A few days later more data appeared, including internal email messages with the parent company of the website, Avid Media Life.
The tens of millions of passwords leaked from Ashley Madison's site were encrypted with bcrypt. Robert Graham, a security researcher at Errata Security, reported on the company's blog that this was a "refreshing change." It means that users with strong passwords are "secure."
But we cannot say the same about weak passwords.
Security expert Dean Pierce reported how he managed to break the encryption of weak passwords with a "cracking rig."
The results should not surprise us. Using weak passwords on the site was terrible.
Pierce spent five days running an automated "break" of the passwords, and stopped at about 0.0006 percent of all the leaked data. Still, that amounts to 4,000 decrypted passwords.
The most common password was the well-known "123456", while "Password" was ranked second. (You can download Pierce's full list from Google Drive.)
It is worth noting that in the case of Ashley Madison, it is not clear at what point in time the password data leaked. It is likely that the website allowed weak passwords in the first days of its operation, and later required stronger ones at sign-up.
"It may also be impossible to break any bcrypt password, but given that many users are using weak codes, it does not matter if the passwords are bcrypted and salted. Some will break."
See the 100 worst passwords from the Ashley Madison hack
Passwords | Times Used |
---|---|
123456 | 120,511 |
12345 | 48,452 |
Password | 39,448 |
default | 34,275 |
123456789 | 26,620 |
QWERTY | 20,778 |
12345678 | 14,172 |
abc123 | 10,869 |
p *** y | 10,683 |
1234567 | 9,468 |
696969 | 8,801 |
ashley | 8,793 |
f ** kme | 7,893 |
Football | 7,872 |
baseball | 7,710 |
f ** kyou | 7,458 |
111111 | 7,048 |
1234567890 | 6,572 |
ashleymadison | 6,213 |
password1 | 5,959 |
madison | 5,219 |
and ** sticks | 5,052 |
superman | 5,023 |
mustang | 4,865 |
harley | 4,815 |
654321 | 4,729 |
123123 | 4,612 |
Hello | 4,425 |
monkey | 4,296 |
000000 | 4,240 |
hockey | 4,191 |
letmein | 4,140 |
11111 | 4,077 |
Friendly | 3,936 |
cheater | 3,908 |
kazuga | 3,871 |
hunter | 3,869 |
shadow | 3,831 |
michael | 3,743 |
121212 | 3,713 |
666666 | 3,704 |
I love you | 3,671 |
qwertyuiop | 3,599 |
secret | 3,522 |
buster | 3,402 |
Horny | 3,389 |
Jordan | 3,368 |
hosts | 3,295 |
zxcvbnm | 3,280 |
Asdfghjkl | 3,174 |
a | 3,156 |
golden dragon | 3,152 |
987654 | 3,123 |
liverpool | 3,087 |
bigd ** k | 3,058 |
sunshine | 3,058 |
Yankees | 2,995 |
asdfg | 2,981 |
freedom | 2,963 |
Batman | 2,935 |
whatever | 2,882 |
charlie | 2,860 |
f ** koff | 2,794 |
money | 2,686 |
pepper | 2,656 |
jessica | 2,648 |
but I do not understand what you wrote | 2,617 |
1qaz2wsx | 2,609 |
987654321 | 2,606 |
andrew | 2,549 |
qazwsx | 2,526 |
dallas | 2,516 |
55555 | 2,501 |
131313 | 2,498 |
abcd1234 | 2,489 |
anthony | 2,487 |
steelers | 2,470 |
asdfgh | 2,468 |
jennifer | 2,442 |
killer | 2,407 |
cowboys | 2,403 |
master | 2,395 |
jordan23 | 2,390 |
robert | 2,372 |
maggie | 2,357 |
looking | 2,333 |
Thomas | 2,331 |
George | 2,330 |
matthew | 2,298 |
7777777 | 2,294 |
amanda | 2,273 |
summer | 2,263 |
qwert | 2,263 |
princess | 2,258 |
creak | 2,252 |
william | 2,245 |
corvette | 2,237 |
jackson | 2,227 |
tigger | 2,224 |
computer | 2,212 |
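
Most of the entries above fall into a few patterns: digit and keyboard runs, one short unit repeated, the site's own name, and common words. The sketch below is an added example, not code from the article or from Pierce, of a sign-up screen that rejects those patterns before a password is ever hashed. The function names, the minimum length of 8 and the short denylist are assumptions.

```python
import re

# Denylist seeded with a few entries from the table above; a real deployment
# would load a much larger breached-password list (assumption).
COMMON = {"password", "default", "abc123", "password1", "superman", "mustang",
          "harley", "monkey", "hockey", "letmein", "football", "baseball",
          "1qaz2wsx", "qazwsx", "abcd1234"}
# Rows of a QWERTY keyboard plus digit and alphabet runs, for sequence checks.
RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz"]
MIN_LENGTH = 8  # assumed policy value, not taken from the article


def is_run(pw):
    """True if pw is a contiguous slice of a run, forwards or backwards."""
    return any(pw in r or pw in r[::-1] for r in RUNS)


def is_repeated_unit(pw):
    """True for 111111, 696969, 123123: one short unit repeated throughout."""
    return re.fullmatch(r"(.{1,3})\1+", pw) is not None


def weak_reasons(password, site_terms=("ashley", "madison")):
    """Return the reasons to reject password; an empty list means accept."""
    pw = password.lower()  # QWERTY and qwerty are the same guess
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if pw in COMMON:
        reasons.append("common password")
    if is_run(pw):
        reasons.append("keyboard or digit sequence")
    if is_repeated_unit(pw):
        reasons.append("repeated pattern")
    # Strip the site's own name; what is left must still be substantial.
    rest = pw
    for term in site_terms:
        rest = rest.replace(term, "")
    if rest != pw and len(rest) < 4:
        reasons.append("based on site name")
    return reasons
```

Entries such as "jordan23" pass these pattern checks, which is why the denylist needs to be far larger than the handful of words seeded here.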