The Ashley Madison scandal still goes on, months after the site has been hacked and much information has been exposed. As if the simple knowledge that the whole internet can now see that you cheated on your husband or wife was not enough, now the passwords of the infidels have been released for the world to see. Awkwardly enough, the majority of passwords can be cracked by 4 year olds.
A group of people who like cracking codes have looked into the Ashley Madison data that was released only to find out that the site had great mistakes when it came to encrypting half of the 32 million population’s passwords. It is funny to think that the site wore that “100% safe” badge for so many years only to have been cracked by some people who just enjoy doing this.
Information so easy to obtain was practically free food for the password cracking team now widely known as CynoSure Prime. The group was able to unearth approximately 11 million passwords from Ashley Madison and some of them could be simply cracked by trying simple number combinations. ArsTechnica was the first to report the group’s conclusions.
So how did Ashley Madison expose all of their customers? By making two simple mistakes that even a high school graduate passionate for IT knows not to do: all passwords were converted to lowercase letters and the encryption algorithms that were ran on the passwords were some of the weakest anybody could think of. No wonder the site was so easy to hack In the first place.
Here is a very small introduction in IT. If, for example, your password on Ashley Madison was a simple “Password”, the site would have automatically converted it into “5f4dcc3b5aa765d61d8327deb882cf99”. It looks complex, but we can tell you for sure that this code is one of the easiest codes you can ever crack.
Interested in what passwords people were using to cheat on their loved ones? Here are the most used: 123456, password, 2345678 and querty. Yes, these were the most used passwords on Ashley Madison, but things got a little weirder, too. There were some other passwords that had a high frequency such as “helpme”, “midnight” or “yahama”.
It is safe to say that it is not only Ashley Madison’s fault for making basic encryption mistakes, but the users as well, for having such easy passwords that can be easily guessed by algorithms which are designed to do just that. So, if you are an IT fan and you are reading this, you might find it as hilarious as we did.
Photo Credits laweekly.com