Internet News

Avast Cracks Leaked Ashley Madison Passwords, Explores Findings


Antivirus maker Avast Software has been sifting through the user passwords leaked by the Ashley Madison hackers and based on their findings, it appears as if the cheating website’s users, at least some of them, were using some really weak passwords like “password” and “123456.”

The leaked data from the hack contains roughly 36 million usernames along with corresponding passwords, however, to the dismay of black hats inclined to pilfer passwords, it turns out that the team behind the scenes at Ashley Madison was actually security conscious enough to encrypt the passwords of their users with a Blowfish cipher-based security algorithm known as bcrypt. Because the password hashes were stored in bcrypt, cracking all of the leaked passwords is unrealistic. Subsequently, Avast’s researchers opted to run lists of common passwords against a relatively small sampling of the passwords available. What they came up with after roughly two weeks of cracking was a list of the site’s top 20 most commonly used bad passwords.

At the top of the list, Avast found “123456” to be the most commonly used bad password. Next in line came “password” at number two, which was followed by “12345” at number three.

  1. 123456
  2. password
  3. 12345

Moving on down the list of the worst passwords most often used by the online cheating website’s users, entries include terribly simple passwords like “dragon,” “qwerty,” “johnson” and “football.”

Thus far, according to Avast’s data, the most common password (“123456”) was used nearly twice as often as the second most common password (“password”).

Back in August, not one but two suicides were reportedly linked to the Ashley Madison leak. More recently, reports revealing a string of blackmails tied to the leaked data began to surface.

Click to comment
To Top

Hi - We Would Love To Keep In Touch

If you liked this article then please consider joing our mailing list to receive the latest news, updates and opportunities from our team.

We don't want an impostor using your email address so please look for an email from us and click the link to confirm your email address.