Home > Web > These hacked Ashley Madison passwords are NSFW…

These hacked Ashley Madison passwords are NSFW … or anywhere else, really

You’d think that people signing up to cheat on their spouses would want to be a bit more creative with their password choice, but you’d be wrong. Now that some 11 million of Ashley Madison’s supposedly un-hackable passwords have — shocker! — been cracked, the researchers behind this great feat have released the top 100 most common strings used to protect these users’ infidelity. The most popular? 123456, with 120,511 uses. Come on, guys. It’s like you want to get caught, or something.

Despite earlier claims insisting that it would take centuries to discover passwords to the 36 million compromised accounts, in all actuality, it was more just a matter of weeks before a group of password hackers, who call themselves CynoSure Prime, managed to unearth rather extensive programming errors that left more than 15 million passwords rather vulnerable. And already, the vast majority of the weakest members of the password herd have been taken down. With the rest of the top 10 including 12345, password, DEFAULT, 123456789, qwerty, 12345678, abc123, pussy, and 1234567, it really doesn’t seem like rocket science.

Related: Ashley Madison ex-CTO threatens Brian Krebs with lawsuit over hacking claims

In a grand display of what is either hubris or just plain stupidity, the most common passwords used in Ashley Madison accounts are also the most common passwords used period. Of course, No. 9 is a notable exception, but that may speak more to the immaturity of the user base (slim pickings when it comes to cheaters, eh?).

For now, CynoSure Prime has decided not to release the passwords in full, though you’re more than welcome to study up on their methods here. Given the apparent relative ease and speed with which the group managed to get through the first 11 million, it seems only a matter of time (and not that much of it, at that), before they’re privy to the log in information of the rest of the 15 million weaker accounts, and perhaps the remainder of the compromised user base as well.

To see the full list of the top 100 thus far, you can check out Ars Technica’s full roundup — by the way, just over a third (4.6 million) of the cracked passwords were unique, so it seems that the cheaters had more in common than just bad intentions for their marriage.

So let this be a warning: If you’re logging into some illicit site, do better than 123456.