The infamous Ashley Madison breach makes further headlines, this time revealing weak and unimaginative passwords used to access Ashley Madison accounts.

The recent breach of extramarital affairs website Ashley Madison has resulted in millions of account details including personal information being dumped online. Multiple times.

In the aftermath of the online dump, a password cracking group discovered that programming errors by Ashley Madison meant that they were able to decipher over 11 million ‘unbreakable’ passwords in a week’s time.

Despite its many vulnerabilities leading to the breach, Ashley Madison did embrace robust encryption for its user passwords using the ‘bcrypt’ algorithm.

Related article: Online Dating Site Ashley Madison Hacked

However, a new report issued by security firm Avast notes that many of Ashley Madison users’ passwords are among the weakest and most common passwords used to secure their adulterous dating accounts. A weak password, even encrypted – is still weak.

The Weakest Passwords Used by Ashley Madison Users

Avast used two well-known password lists for the crack, namely: the 14 million password list from the ‘rockyou hack’ of 2009 and more appropriately – The Top 500 Worst Passwords of All Time.

Using password cracking utility ‘hashcat’ for the first million passwords, Avast has cracked 26,393 hashes so far, out of which 1,064 were unique passwords.

Avast posted a list of the top 20 passwords cracked from the data it has accessed so far. They are:

123456 password 12345 12345678 qwerty pu**y secret dragon welcome ginger sparky helpme blo*job nicole justin camaro johnson yamaha midnight chris

For comparison, the top 20 most common passwords from the 500-worst list are:

123456 password 12345678 1234 Pu**y 12345 dragon qwerty 696969 mustang letmein baseball master michael football shadow monkey abc13 pass fu*kme

It’s important to note that the password list derived from the first million Ashley Madison accounts that are likely to have been created during the initial years of the website, back in 2001.

The later batches of cracked passwords will make for interest insight to see if Internet users have gotten better in creating more secure passwords.