This article was published on September 11, 2015

It took just 10 days to crack over 11 million Ashley Madison passwords



A cracking team called Cynosure Prime has deciphered over 11.2 million passwords from the recent Ashley Madison hack in just 10 days, thanks to a programming blunder that made the task surprisingly easy.

After the hackers publicly leaked mountains of documents, emails and data including roughly 37 million users’ details, Cynosure Prime sifted through the site’s source code and found 15.26 million passwords that were secured using MD5, a hashing algorithm that is much faster to compute than others like bcrypt, and so far less effective at resisting password cracking.

One of the group’s members estimates that the blunder made by Ashley Madison’s security team allowed the group to crack these passwords about a million times faster than if it had attempted to crack the bcrypt hashes.

In order to protect end users, Cynosure Prime isn’t releasing the passwords it’s cracked. However, it’s detailed all the steps necessary to replicate the passcode recovery.


That doesn’t mean just about anyone can try it at home. You’ll still need plenty of computing power and specialized software to crack the passwords yourself.

The group’s efforts and discoveries underline the need for Web-based businesses to implement sophisticated security measures that go beyond protecting their servers from attacks.

Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked [Ars Technica]
