As the Ashley Madison hacking saga continues to unfold, the data breach into the cheating website revealed another lesson that should be learned not just by the affected users of the hack, but by all Internet users as well.
Users that have log-in accounts on websites should be pairing their unique usernames with strong passwords, as weaker passwords are prone to being hacked, leading to different sorts of stress or embarrassment to the user.
CynoSure Prime, a hobbyist password cracking team, revealed that it has cracked 11.7 million encrypted passwords over a period of 10 days from the data that was extracted and released from Ashley Madison. The group's achievement was surprising, considering that the passwords of Ashley Madison user accounts were encrypted with bcrypt, which is a very slow and demanding algorithm. It was said that it would take centuries to crack all 36 million passwords extracted from the data breach.
CynoSure Prime discovered errors in programming which made over 15 million passwords much easier and faster to crack. While the remaining 3.7 million passwords have not yet been deciphered, the group already released the top passwords from the 11.7 million that have already been cracked.
The top five passwords were revealed to be 123456, 12345, password, DEFAULT and 123456789, following the trend of users utilizing such weak passwords for protecting their online accounts. Similar weak passwords have been seen in previous hacking operations across different websites.
There were a total of 120,511 cases of the password 123456, which according to some surveys has been the most popular password that has been uncovered in data breaches over the previous two years.
The password DEFAULT, however, may not be from users, as there are rumors that some accounts on Ashley Madison were fake sign-ups. It is possible that this password is the one being used for fake accounts.
If users would utilize passwords that feature long strings of upper-case letters, lower-case letters and numbers, the passwords would not be as easily cracked as the 11.7 million that have already been deciphered. In addition, only 4.6 million of the 11.7 million passwords that were cracked were unique.
It is disappointing to see that even after years upon years of awareness, Internet users are still using terrible passwords for their online accounts, news website Ars Technica said, which is something that users should have already learned as hacking attacks continue to occur. Unfortunately for Ashley Madison users involved in the data breach, they may have learned their lesson a little too late.