September 14, 2015

ASHLEY MADISON AGAIN SMASHED : BCRYPT PASSWORDS UNZIPPED!

ASHLEY MADISON AGAIN SMASHED : BCRYPT PASSWORDS UNZIPPED!

Ashley Madison, the famous name in infidelity and married dating has been experiencing a series of hacker attacks over the last few weeks.
For details over the past events,to check out: Click Here

After the sensitive data breach sized 100 Gigabytes last month, Ashley Madison is now rattled with the leak of cryptographically protected i.e. highly secured passwords pertaining to 11.4  Million cheaters.

The superfast Hackers team named “Cynosure Prime” has brute-forced the super secure hashed passwords, that were cryptographically encrypted using Bcrypt algorithm , like a bat out of the hell in just 10 days. Bcrypt algorithm slows the hashing process down to such an extent that cracking all the account passwords pertaining to The Ashley Madison becomes a centurial process.

VECTOR TO CRACK PASSWORDS!

Usage of a weak and fast hashing algorithm, MD5 by some of the login tokens became the vector for the password crackers to accomplish the task. Since all the Madison accounts don’t employ MD5 algorithm, 15 million accounts using MD5 out of 37 Million accounts are expected to be attacked.
Thus, the password-cracking team cracked the MD5 tokens and bagged the passwords of 11.4 Million accounts in a plain text format. The remaining 4 Million account passwords will be cracked within next 7-8 days, claimed Researchers.

For the time-being, an advisory stating some standard prevention steps for the users to change their passwords has been declared.

  • Different login credentials with respect to the other websites, like ebay or paypal should be used to prevent hackers from breaking into those accounts.
  • Usage of strong and different passwords should be ensured.
  • Employ a good “Password manager” for password Management.