Ashley Madison hack: CynoSure Prime claims to have decrypted millions of passwords
The Ashley Madison hacking saga is still not over as a group of hackers called CynoSure Prime claimed to have decrypted the password of more than 11 million users of the cheating website.
CynoSure Prime's claims come after Ashley Madison has been put under the spotlight over a massive hacking incident that exposed the identity of its users. Despite the hack, the cheating website said its member population continued to increase, according to NYC Today.
CynoSure Prime is not the only entity claiming to have decrypted Ashley Madison passwords. Security firm Avast earlier said it has cracked more than 11,000 user passwords. However, the cheating website's developers said they used bcrypt encryption to ensure that the passwords of its more than 38 million subscribers will not be exposed, the report details.
Get Our Latest News for FREE
Fortunately, the hacking group has hinted that it will not release the decrypted Ashley Madison passwords online. The group just wanted to point out the security details that the application developers have overlooked so they could take efforts to better secure the site's user information.
After the hackers' data dump on Aug. 31, CynoSure Prime combed through the files and found loopholes in Ashley Madison's security system. Within 10 days, the group was able to decrypt almost 11.2 million user passwords, the report relays.
"Without much information about the $loginkey variable and how it was generated, we decided to dive into the second leak of git dumps," Latinos Post quotes CynoSure Prime in a blog post. "We identified two functions of interest and upon closer inspection, discovered that we could exploit these functions as helpers in accelerating the cracking of the bcrypt hashes."
Meanwhile, the Canadian cheating website has apologized for the hacking incident that exposed the identities and personal information of some of its users. In the wake of the massive hack, Ashley Madison has been slapped with lawsuits in Canada and in the United States for failing to protect user data. CEO Noel Biderman has also resigned after the data leak.
