Despite earlier claims insisting that it would take centuries to discover passwords to the 36 million compromised accounts, in all actuality, it was more just a matter of weeks before a group of password hackers, who call themselves CynoSure Prime, managed to unearth rather extensive programming errors that left more than 15 million passwords rather vulnerable. And already, the vast majority of the weakest members of the password herd have been taken down. With the rest of the top 10 including 12345, password, DEFAULT, 123456789, qwerty, 12345678, abc123, pussy, and 1234567, it really doesn’t seem like rocket science.
In a grand display of what is either hubris or just plain stupidity, the most common passwords used in Ashley Madison accounts are also the most common passwords used period. Of course, No. 9 is a notable exception, but that may speak more to the immaturity of the user base (slim pickings when it comes to cheaters, eh?).
For now, CynoSure Prime has decided not to release the passwords in full, though you’re more than welcome to study up on their methods here. Given the apparent relative ease and speed with which the group managed to get through the first 11 million, it seems only a matter of time (and not that much of it, at that), before they’re privy to the log in information of the rest of the 15 million weaker accounts, and perhaps the remainder of the compromised user base as well.
To see the full list of the top 100 thus far, you can check out Ars Technica’s full roundup — by the way, just over a third (4.6 million) of the cracked passwords were unique, so it seems that the cheaters had more in common than just bad intentions for their marriage.
So let this be a warning: If you’re logging into some illicit site, do better than 123456.
Editors' Recommendations
- Are you using one of these passwords? If so, it’s time for a change
- Flipboard hack prompts password reset for millions of users
- It’s time to change your password again as Dell reveals attempted hack
