Hackers crack 11 million AshleyMadison.com passwords. Hackers found a major error in how passwords were handled on the website. They claim to have cracked 11 million of the 36 million password hashes stored in the database. Ashley Madison stored passwords in hashed form — a common security practice — using a cryptographic function called bcrypt. Bcrypt is more computationally intensive than some other functions like MD5, which favors performance over brute-force protection. The team found two locations in the code where passwords were generated in slightly different ways.”]