Skip to main content

These hacked Ashley Madison passwords are NSFW … or anywhere else, really

Ashley Madison
You’d think that people signing up to cheat on their spouses would want to be a bit more creative with their password choice, but you’d be wrong. Now that some 11 million of Ashley Madison’s supposedly un-hackable passwords have — shocker! — been cracked, the researchers behind this great feat have released the top 100 most common strings used to protect these users’ infidelity. The most popular? 123456, with 120,511 uses. Come on, guys. It’s like you want to get caught, or something.

Despite earlier claims insisting that it would take centuries to discover passwords to the 36 million compromised accounts, in all actuality, it was more just a matter of weeks before a group of password hackers, who call themselves CynoSure Prime, managed to unearth rather extensive programming errors that left more than 15 million passwords rather vulnerable. And already, the vast majority of the weakest members of the password herd have been taken down. With the rest of the top 10 including 12345, password, DEFAULT, 123456789, qwerty, 12345678, abc123, pussy, and 1234567, it really doesn’t seem like rocket science.

Related Videos

In a grand display of what is either hubris or just plain stupidity, the most common passwords used in Ashley Madison accounts are also the most common passwords used period. Of course, No. 9 is a notable exception, but that may speak more to the immaturity of the user base (slim pickings when it comes to cheaters, eh?).

For now, CynoSure Prime has decided not to release the passwords in full, though you’re more than welcome to study up on their methods here. Given the apparent relative ease and speed with which the group managed to get through the first 11 million, it seems only a matter of time (and not that much of it, at that), before they’re privy to the log in information of the rest of the 15 million weaker accounts, and perhaps the remainder of the compromised user base as well.

To see the full list of the top 100 thus far, you can check out Ars Technica’s full roundup — by the way, just over a third (4.6 million) of the cracked passwords were unique, so it seems that the cheaters had more in common than just bad intentions for their marriage.

So let this be a warning: If you’re logging into some illicit site, do better than 123456.

Editors' Recommendations

Several Epic Games forums were hacked; change your passwords now
paragon

The forums for Epic Games were hacked today, just the latest reminder of the dangers of using one password for all of your sites.

Odds are it won't ruin your life if someone steals your Epic Games forum account and starts posting unpopular opinions about Infinity Blade or Unreal. But if you use the same password on that site as you do for your email, or your bank, you're kind of screwed unless you change those passwords quickly.

Read more
FTC flouts conventional wisdom, says changing passwords often can do harm
A hand on a laptop in a dark surrounding.

Conventional wisdom takes another hit. For more than 30 years, one of the most common computer security tips has been to change your passwords often. Make them complex, don't use the same ones over and over, don't write them on sticky notes pasted to your monitor, and change them regularly. The FTC wants you to forget that last piece of advice, according to Ars Technica.

Speaking at PasswordsCon 2016 last week, Federal Trade Commission Chief Technologist Lorrie Cranor spoke about her own surprise when she left Carnegie Mellon University to work at the FTC. Cranor discovered that not only did the agency tell employees to encourage friends and family to change passwords often, she herself now had six new government passwords that she was required to change every 60 days.

Read more
Ashley Madison seeks to emerge from troubles with a major rebrand
ashley madison rebrand 388646

Adultery just got a rebrand. After a quiet few months that resulted from the massive 25-gigabyte data leak of late 2015, Avid Life Media (which owns and operates Ashley Madison) has announced its reemergence as Ruby Corp., and is further "repositioning its Ashley Madison flagship brand." As new CEO Rob Segal noted in a statement, "It's a new day at Ruby and renaming our Topco is an important step in our journey to completely rebuild the company as a relevant, digital dating innovator that truly cares for our customers."

Of the many changes slated for release, Segal notes that Ruby has finally done away with Ashley Madison's well-known, contentious slogan: "Life is Short. Have an Affair." Said Segal, "It was a limiting label that's out-dated and doesn't speak to the wide variety of connections people find on Ashley Madison. Close to 45 percent of our members are single, over 50 percent are attached and they are interested in a wide range of experiences." He added, "While remaining true to our roots, Ashley Madison needs to evolve, grow, and attune to modern sexuality in 2016." Which apparently, includes (but is not limited to) having an affair.

Read more