Antivirus and security provider Avast, has been looking through the passwords leaked by Ashley Madison hackers, and it appears that a significant number of exposed clients used very weak passwords, such as “123456” and the word “password”.

Weeks ago, a cheating website called Ashley Madison was hacked, exposing confidential information of over 30 million users around the world. Suicides associated with the leak have been reported, extortion coming from hackers have also been happening, and a series of lawsuits are currently taking place against the company. Among the information published there were private membership information such as names, email addresses, and detailed sexual preferences.

Credit: Fusion
Credit: Fusion

However, experts have determined that despite the fact that the website was indeed making itself vulnerable to the data breach in the first place, Ashley Madison did secure its users by applying bcrypt-hashed passwords. However, not even the best encryption can fully protect a weak password.

Avast announced in a new report that what they found were among the worst, most common passwords they could ever imagine, despite the fact that clients knew they were registering into an adultery website. To analyze the passwords, the security company had to look at the first million passwords from the Ashley Madison database and determine which of them were the weakest. They compared the available information with a list from 2008 called the “500 worst passwords of all time,” and with another list that includes 14 million passwords from the 2009 Rockyou hack, using a password-cracking utility known as hashcat.

After the process, Avast was able to rank the top 20 most popular (and not at all recommended) Ashley Madison passwords. They were:

1) 123456

2) password

3) 12345

4) 12345678

5) qwerty

6) pussy

7) secret

8) dragon

9) welcome

10) ginger

11) sparky

12) helpme

13) blowjob

14) nicole

15) justin

16) camaro

17) johnson

18) yamaha

19) midnight

20) chris

However, Avast says that the list comes from the first million Ashley Madison passwords after it was launched in 2001, so perhaps users weren’t that concerned about their privacy as they might be now.



A new lawsuit in federal court in Chicago is one of the latest suits filed against Ashley Madison website, after the leak of information from 36 million users worldwide. The demand alleges that the site failed to protect the security of confidential information.

Chicago-based attorney Joseph Siprut filed it on behalf of an individual referred as “John Doe.” The 25-page suit includes Ashley Madison’s owner, Avid Life Media.

Other suits have been filed in several states, including California and Texas. Moreover, two individuals from Canada had reportedly committed suicide due to the leak.

Many others have been victims of extortion from the hackers. Some users have reported that the team of hackers have contacted them via email in order to request amounts up to $500,000 in exchange of not making public any of their information.

Source: Avast