A group of hackers which calls itself CynoSure Prime has cracked more than 11 Million user hashed passwords protected with Bcrypt. The team has analyzed the dump leaked online by the attackers and it has discovered a security issued in the login tokens used by the website. The idea behind the attack is to bruteforce the MD5 tokens of Ashley Madison accounts instead trying to crack the Bcrypt algorithm. Experts estimated that nearly 15 million accounts could be compromised with this technique. Ashley Madison users urge to change their password now, taking care to change it if they used the same login credentials on other websites.”]
Source: https://securityaffairs.co/wordpress/40046/hacking/ashley-madison-pwd-crack.html

