Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

This is the worst password from the Ashley Madison hack

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 27 Aug 2015 10:22:44 +0000 (UTC)
http://www.zdnet.com/article/these-are-the-worst-passwords-from-the-ashley-madison-hack/

By Zack Whittaker
Zero Day
ZDNet.com
August 26, 2015
When hackers swiped an estimated 36 million accounts associated with AshleyMadison.com, a site which helps married people cheat on their partners, there was a rush to find out what had been stolen.
A month after the breach was reported, hackers released the first cache of stolen data. Email addresses, credit card transactions, and more were leaked on August 18. More data, released days later, included internal emails at the website's parent company, Avid Life Media.
The tens of millions of passwords, though leaked, were hashed, meaning they were cryptographically scrambled using a feature known as bcrypt. (Many other websites that have suffered leaked data have either used weak cryptography to hash the passwords, or none at all.) Robert Graham at Errata Security said in a blog post this was a "refreshing change," because it means users with strong passwords are "safe." 

But, for weaker passwords, the same cannot be said.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: