When data from the massive Ashley Madison hack first leaked online, one tiny bright spot was that researchers said the company appeared to use a strong algorithm to encrypt users passwords. But now one group says it already decoded more than 11 million passwords because programming errors in how that encryption was applied left the information less secure than originally thought.
And the passwords unearthed by the decoding hobbyists, known as CynoSure Prime, so far suggest that many who were seeking thrills on the infidelity-focused site had poor digital hygiene.
The top password uncovered so far: 123456, according to Ars Technica. The other passwords that made the top five aren't much better: 12345, password, DEFAULT, and 123456789.
But those (awful) passwords shouldn't be too surprising: By some surveys, “123456” has been the most popular password uncovered in data breaches during the past twoyears.
As a quick reminder, using super common passwords makes it much easier for bad guys to just guess their way into your accounts. And it's a bad idea to reuse passwords, too – otherwise, a malicious hacker might be able to leverage a password uncovered in one breach to break into one of your other personal accounts.
Avid Life Media, Ashley Madison's parent company, did not immediately respond to a request for comment about how the passwords were encrypted. – Washington Post