11 million Ashley Madison passwords have already been cracked

[Exterminator]

Content source

http://www.neowin.net/news/11-million-ashley-madison-passwords-have-already-been-cracked

After the recent hack of infidelity website Ashley Madison, and the subsequent data dump, one area of solace was that the website seemingly encrypted user passwords securely. However, it has now been revealed that alongside the securely encrypted passwords were millions of others passwords that were hashed using the insecure hashing algorithm MD5. A team going by the name CynoSure Prime posted on Thursday about their success in cracking over 11.2 million passwords by exploiting the MD5 hashes.

Instead of cracking the slow bcrypt hashes directly, which is the hot topic at the moment, we took a more efficient approach and simply attacked the md5 […] tokens instead.

[...] we had in fact solved millions of bcrypt hashes...in days, not years. As of posting our team has successfully cracked over 11.2 million of the bcrypt hashes.

The team’s approach has granted them much more success than those trying to crack the bcrypt hashes directly. Researcher Dean Pierce attempted this and managed to reveal only 4000 passwords over 5 days.

Whilst the team have not revealed the list of passwords they were able to obtain, the details of their approach would allow others to replicate their work and they may not be so benevolent. This is yet another reminder not to engage in password reuse and to ensure you use complex passwords.

Source: CynoSure Prime Blog

 

[Tony Cole]

Personally I think this website and their owners is a disgrace, why cheat via a website, just spare your boyfriend, girlfriend, husband or wife the pain and be honest. I hope the site does/is shut down.

 

[Deleted member 178]

Personally I think this website and their owners is a disgrace, why cheat via a website, just spare your boyfriend, girlfriend, husband or wife the pain and be honest. I hope the site does/is shut down.

I have to disagree , this site is a benediction. Sometimes you lost pleasure with your companion for whatever rrasons but you have too many shared stuff (business, childs, house, etc...) so separating is not an option.

Back to the topic , lucky the hackers didnt revealed the members profiles

 

[Exterminator]

Morality usually gets overlooked when there is an opportunity to make money especially when the demand is obviously there.
Whether it is right or wrong that is something that those who are customers have to come to terms with by themselves.On the flip side just because the nature of the business might be immoral to some doesn't make it OK to hack it and release personal information.That in itself carries it's own morality issues.Just because some find something disgusting and or immoral they hack it in the name of morality.I believe that is also a crime.Those who are customers have committed no crime,at least in the eyes of the law.
The lesson here is not really one of morality but that you better use good judgement where you go and what you do online.More importantly who you give your personal information to.