Another thing exposed in Ashley Madison hack: Terrible passwords

Posted 9/19/2015 7:35 AM

When data from the massive Ashley Madison hack first leaked online, one tiny bright spot was that researchers said the company appeared to use a strong algorithm to encrypt users' passwords. But now one group says it has already decoded more than 11 million passwords because programming errors in how that encryption was applied left the information less secure than originally thought.

And the passwords unearthed by the decoding hobbyists, known as CynoSure Prime, so far suggest that many who were seeking thrills on the infidelity-focused site had poor digital hygiene.

 

The top password uncovered so far: 123456, according to Ars Technica. The other passwords that made the top five aren't much better: 12345, password, DEFAULT, and 123456789.

But those (awful) passwords shouldn't be too surprising: By some surveys, "123456" has been the most popular password uncovered in data breaches during the past two years.

As a quick reminder, using super common passwords makes it much easier for bad guys to just guess their way into your accounts. And it's a bad idea to reuse passwords, too -- otherwise, a malicious hacker might be able to leverage a password uncovered in one breach to break into one of your other personal accounts.

Avid Life Media, Ashley Madison's parent company, did not immediately respond to a request for comment about how the passwords were encrypted.
