Antivirus maker Avast Software has been sifting through the user passwords leaked by the Ashley Madison hackers and based on their findings, it appears as if the cheating website’s users, at least some of them, were using some really weak passwords like “password” and “123456.”
The leaked data from the hack contains roughly 36 million usernames along with corresponding passwords, however, to the dismay of black hats inclined to pilfer passwords, it turns out that the team behind the scenes at Ashley Madison was actually security conscious enough to encrypt the passwords of their users with a Blowfish cipher-based security algorithm known as bcrypt. Because the password hashes were stored in bcrypt, cracking all of the leaked passwords is unrealistic. Subsequently, Avast’s researchers opted to run lists of common passwords against a relatively small sampling of the passwords available. What they came up with after roughly two weeks of cracking was a list of the site’s top 20 most commonly used bad passwords.
At the top of the list, Avast found “123456” to be the most commonly used bad password. Next in line came “password” at number two, which was followed by “12345” at number three.
- 123456
- password
- 12345
Moving on down the list of the worst passwords most often used by the online cheating website’s users, entries include terribly simple passwords like “dragon,” “qwerty,” “johnson” and “football.”
Thus far, according to Avast’s data, the most common password (“123456”) was used nearly twice as often as the second most common password (“password”).
Back in August, not one but two suicides were reportedly linked to the Ashley Madison leak. More recently, reports revealing a string of blackmails tied to the leaked data began to surface.
