When the news about the massive Ashley Madison made the headlines for the first time the only tiny bright spot was the declaration of the security experts that the company appeared to use a strong algorithm to encrypt passwords of the dating site members. However, now, one group declared that it was already able to decode more than 11 million passwords. It seems that the encryption applied has programming errors that left the data less secure than originally thought.

Like Us on Facebook

The Ashley Madison hacking saga keeps unfolding. Now, another lesson can be learned from the data breach into the cheating website. And this is a lesson that should be learned not just by the affected members of the extra-marital affairs dating site, but by all users of the Internet as well.

Members of various online websites that have log-in accounts need be pairing their unique usernames with much stronger passwords than they use to do it at the moment. The Ashley Madison scandal has proved that weak passwords are prone to being hacked, and this kind of issue can lead to stress or embarrassment to the user.

An amateur password cracking team called CynoSure Prime has revelead that the user passwords on the dating site Ashley Madison were very easy to decrypt, according to Ars Technica. The team was able to crack over a period of just 10 days around 11.7 million encrypted passwords. For their experiment the members of the cracking team have used data that was extracted and released from Ashley Madison.

Considering that the passwords of Ashley Madison user accounts were encrypted with a very slow and demanding algorithm called bcrypt, the group's achievement was surprising for many security experts.

Before the achievement of the hobbyist password-cracking team, other security experts used to believe that it would take centuries to crack all 36 million Ashley Madison passwords that are using the bcrypt algorithm.

The CynoSure Prime group has discovered some errors in programming, fact that makes around 15 million passwords much faster and easier to crack. The group already released the top passwords from the 11.7 million which have been already cracked and only the remaining of 3.7 million passwords have not yet been deciphered.

The top five passwords were revealed to be, according to Ars Technica, password, DEFAULT, 123456, 12345 and 123456789. It was shown that most of the users of the Ashley Madison dating site were following a trend of utilizing very weak passwords for protecting their online accounts. Previously, other hacking operations across various websites have shown similar weak passwords.

On Ashley Madison website there were a total of 120,511 cases of the password 123456. According to some surveys, as reported by The Washington Post, in the last two years this is the most popular password uncovered in data breaches. Another very common occurrence is the password DEFAULT, which, however, may not be from real members of the site, according to some rumors that many accounts on Ashley Madison were fake sign-ups. 

TagsAshley Madison, Ashley Madison hack, Ashley Madison leak, Ashley Madison passwords, Ashley Madison hackers