11 million passwords from Ashley Madison uncovered

Millions of Ashley Madison passwords have reportedly been exposed. A team of password-cracking hobbyists found mistakes in the encryption of approximately half of the 32 million stolen accounts on the website after examining the data that the Ashley Madison hackers released.

The password-cracking squad, called CynoSure Prime, cracked 11 million passwords from accounts of Ashley Madison customers. The group's findings were first published in a report by Ars Technica.

CynoSure Prime found that Ashley Madison made two bizarre errors when it encrypted approximately 15 million customer passwords. The first mistake was that it changed all of them to lowercase letters, and the second was that it ran a very weak encryption algorithm on the passwords.

When it comes to protecting passwords, these two things should definitely be avoided. For instance, if one's password for Ashley Madison was "Password", the website might have converted it into: "5f4dcc3b5aa765d61d8327deb882cf99". One may think that this is not easy to crack, but it is.

Appropriately encrypted, "Password" would look very complex and would be basically impossible to crack: "$2a$10$ci9jdQQRdTe4U2wIncJt9uRs.HKatci/30iJcXDzsfqtX4APwTaLS".

According to CynoSure Prime, the less-safe encryption tool that Ashley Madison used is nearly a million times quicker to crack than the more robust one. It is still not known why Ashley Madison used one encryption tool for one subset of passwords and a different tool for the others. A spokesman for Avid Life Media, Ashley Madison's parent company, did not say anything when asked for comment.
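The two mistakes described above, next to a salted, deliberately slow alternative, as an added example that is not code from Ashley Madison or CynoSure Prime. The 32-character value quoted in the article is the MD5 digest of the lowercased password, which the first function reproduces. The hardened pair uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for the stronger scheme (the "$2a$10$" prefix in the article is the bcrypt format); all function names, the storage format and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Digest quoted in the article for the password "Password"
PAGE_DIGEST = "5f4dcc3b5aa765d61d8327deb882cf99"

def weak_store(password: str) -> str:
    """Flawed scheme as the article describes it: lowercase, then fast unsalted MD5."""
    return hashlib.md5(password.lower().encode("utf-8")).hexdigest()

def case_variants(password: str) -> int:
    """How many upper/lower spellings collapse to one stored value after lowercasing."""
    return 2 ** sum(ch.lower() != ch.upper() for ch in password)

def strong_store(password: str, iterations: int = 600_000) -> str:
    """Case-preserving, per-user random salt, slow key derivation (assumed parameters)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def strong_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

if __name__ == "__main__":
    # Mistake 1: every casing of the password yields the same stored value.
    print(weak_store("Password") == weak_store("pAsSwOrD"))   # True
    print(case_variants("Password"))                           # 256 spellings, 1 digest
    # Mistake 2: unsalted and fast, so the digest is identical for every user
    # who chose this password and matches the value printed in the article.
    print(weak_store("Password") == PAGE_DIGEST)               # True
    # Hardened form: same password, different record each time, case matters.
    a, b = strong_store("Password"), strong_store("Password")
    print(a != b, strong_verify("Password", a), strong_verify("password", a))
```
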