This wasn't the PW hashing fucntion. The new method hashes using the bcrypt of t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		thedz on Sept 10, 2015 \| parent \| context \| favorite \| on: How we cracked millions of Ashley Madison password... This wasn't the PW hashing fucntion. The new method hashes using the bcrypt of the password, which they do have.

bradleyjg on Sept 10, 2015 [–]

Bingo. All they had to do is delete all the login tokens. Users with what would have otherwise been a valid cookie would have had to re-log in, but that's a minor inconvenience that's expected to happen from time to time.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact