When hackers gained access to 36 million accounts on Ashley Madison, a site for married people, many users were worried and wanted to know what had been stolen.
One month after the breach was disclosed, the hackers released the first batch of stolen data. Email addresses, passwords, and credit card transactions were leaked starting on August 18. A few days later more data appeared, including internal emails from the website's parent company, Avid Media Life.
The tens of millions of passwords leaked from Ashley Madison were hashed with bcrypt. Robert Graham, a security researcher at Security Errata, reported on their blog that the event was a "refreshing change." This means that users with strong passwords are "safe."
But we cannot say the same about weak passwords.
Security expert Dean Pierce reported how he managed to crack weak passwords with a "cracking rig."
The results should not surprise us. The use of weak passwords on the website was terrible.
Pierce spent five days running an automated password "crack" process, and stopped at about 0.0006 percent of all the leaked data. Even so, that amounts to 4,000 cracked passwords.
The most common password was the well-known “123456”, while the equally familiar “password” came in second. (The full list is available for download from Pierce's Google Drive.)
It is worth noting that, in the case of Ashley Madison, it is not clear from what point in time the leaked password data dates. It is possible that the website allowed weak passwords in its early days of operation and later required stronger ones at registration.
“It may also be impossible to break any password with bcrypt, but given that many users use weak passwords, it doesn't matter if the passwords are bcrypted and salted. Some will break.”
See the worst passwords from Ashley Madison's hack
Password | Used |
---|---|
123456 | 202 |
password | 105 |
12345 | 99 |
QWERTY | 32 |
12345678 | 31 |
ashley | 28 |
baseball | 27 |
abc123 | 27 |
696969 | 23 |
111111 | 21 |
Football | 20 |
f ** kyou | 20 |
madison | 20 |
and ** sticks | 19 |
superman | 19 |
f *** me | 19 |
hockey | 19 |
123456789 | 19 |
hunter | 19 |
harley | 18 |
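
The point about requiring stronger passwords at registration can be made concrete with a deny-list check built from the table above. This is an added example, not code from the article or from Pierce; the function names, the minimum length, and the list of site-related words are assumptions chosen for illustration.

```python
import re

# Entries taken from the table above (lowercased); censored rows are omitted.
LEAKED_TOP = {
    "123456", "password", "12345", "qwerty", "12345678", "ashley",
    "baseball", "abc123", "696969", "111111", "football", "madison",
    "superman", "hockey", "123456789", "hunter", "harley",
}
SITE_WORDS = ("ashley", "madison")  # assumption: words tied to the site itself
MIN_LENGTH = 10                     # assumed policy value, not from the article

# Undo common character substitutions before comparing to the deny-list.
LEET = str.maketrans("@4301!$5", "aaeoiiss")


def is_sequence(s):
    """True for runs like 12345, 98765 or 111111 (constant step of -1, 0 or +1)."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(steps) == 1 and steps <= {-1, 0, 1}


def reject_reason(candidate):
    """Return why a candidate password is refused at registration, or None."""
    lowered = candidate.strip().lower()
    # Drop trailing digits/punctuation so "hunter2" reduces to "hunter".
    bases = {lowered, re.sub(r"[\d\W_]+$", "", lowered)}
    forms = bases | {b.translate(LEET) for b in bases}
    if forms & LEAKED_TOP:
        return "common password"
    if any(word in form for form in forms for word in SITE_WORDS):
        return "contains site name"
    if is_sequence(lowered):
        return "character sequence"
    if len(lowered) < MIN_LENGTH:
        return "too short"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the leak.
    for pw in ("123456", "P@ssw0rd2015!", "AshleyFan#88", "987654321",
               "tulip-harbor-92-kestrel"):
        print(f"{pw!r}: {reject_reason(pw) or 'accepted'}")
```

A check like this runs before the password is hashed, so bcrypt and the salt only ever protect passwords that are not already on an attacker's first-guess list.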