‘123456,’ ‘password,’ ‘qwerty,’ ‘ashley,’ ‘fuckme,’ and ‘fuckyou’ are the top passwords used on Ashley Madison
The hack of extramarital affairs site Ashley Madison was brutal, and it is becoming more awkward now that the passwords of hacked users are being cracked and exposed.
Recently Ashley Madison was hacked by a group of hackers named “The Impact Team”. They hacked the database containing information of around 37 million users. But the passwords were still hashed (hashing is a technique of encoding the plaintext password into a code by using certain operations called cyphers).
Now a researcher has cracked the hashes of almost 4000 passwords from the data dump. The results of his research reveal how careless people are when setting passwords. The top two passwords in the sample were unsurprisingly “123456” and “password”.
“When the Ashley Madison database first got dumped, there was an interesting contingent of researchers talking about how pointless it would be to crack the passwords, since Ashley Madison was using salted bcrypt with a cost of 12,” researcher Dean Pierce wrote on his cryptography and Bitcoin blog.
Bcrypt is a hashing function that, as pointed out by Errata Security’s Robert Graham, is stronger than some more common variants, making it more difficult to crack with simple password recovery software like Ophcrack.
Out of those 4000 cracked passwords only 1,191 were unique and the 20 most popular were truly abysmal. Other passwords on the list included “qwerty,” “ashley,” and, curiously, “fuckme” and “fuckyou.” It’s worth emphasising that this research only dealt with 4,000 passwords out of 37 million, so cannot be treated as representative of the whole data dump.
It is obvious that all this is frustrating for the users whose passwords have been cracked, but a website’s hashing algorithms, however strong they are, will be unable to protect a user’s password from being cracked until users themselves understand the necessity of creating strong passwords and take countermeasures accordingly when setting one. Setting a secure password is an art that also requires up-to-date knowledge of the latest techniques used in hacking.
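The point above, that a salted, slow hash cannot protect a password everyone uses, shown as an added example that is not from the original article or from the researcher: a defender-side audit of stored hashes against the passwords the article names, plus a registration-time check. PBKDF2 from Python's standard library stands in for bcrypt here, and the function names, iteration count and sample accounts are assumptions.

```python
import hashlib
import hmac
import os

# Passwords the article names as the most common in the cracked sample.
BLOCKLIST = ("123456", "password", "qwerty", "ashley", "fuckme", "fuckyou")
ITERATIONS = 20_000  # assumed work factor, kept low so the demo runs quickly


def hash_password(password, salt=None):
    """Return (salt, digest): per-user random salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Constant-time comparison of a login attempt against the stored digest."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def audit(records):
    """Report accounts whose stored hash matches a blocklisted password.

    The salt forces one KDF run per (account, candidate) pair, but a handful
    of candidates stays cheap however slow the KDF is.
    """
    weak = {}
    for user, (salt, digest) in records.items():
        match = next((c for c in BLOCKLIST if verify(c, salt, digest)), None)
        if match is not None:
            weak[user] = match
    return weak


def acceptable(password):
    """Registration-time check: refuse blocklisted passwords before hashing."""
    return password.strip().lower() not in BLOCKLIST


if __name__ == "__main__":
    # Constructed sample accounts, not taken from the dump.
    records = {
        "user1": hash_password("123456"),
        "user2": hash_password("ashley"),
        "user3": hash_password("maple-Orbit-47-lantern"),
    }
    print(audit(records))
    print(acceptable("Password"), acceptable("maple-Orbit-47-lantern"))
```

Identical passwords produce different digests because of the salt, yet the audit still flags them, which is why the blocklist check belongs at registration time.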