(Reuters/Chris Wattie)

When data from the massive Ashley Madison hack first leaked online, one tiny bright spot was that researchers said the company appeared to use a strong algorithm to encrypt users passwords. But now one group says it already decoded more than 11 million passwords because programming errors in how that encryption was applied left the information less secure than originally thought.

And the passwords unearthed by the decoding hobbyists, known as CynoSure Prime, so far suggest that many who were seeking thrills on the infidelity-focused site had poor digital hygiene.

The top password uncovered so far: 123456, according to Ars Technica. The other passwords that made the top five aren't much better: 12345, password, DEFAULT, and 123456789.

But those (awful) passwords shouldn't be too surprising: By some surveys, "123456" has been the most popular password uncovered in data breaches during the past two years. 

As a quick reminder, using super common passwords makes it much easier for bad guys to just guess their way into your accounts. And it's a bad idea to reuse passwords, too -- otherwise, a malicious hacker might be able to leverage a password uncovered in one breach to break into one of your other personal accounts.

Need some more password security tips and tricks? Click here.

Avid Life Media, Ashley Madison's parent company, did not immediately respond to a request for comment about how the passwords were encrypted.

Hackers say they have posted the personal details of millions of people registered with the adultery website Ashley Madison. But this massive data breach could have widespread implications on how we all use the Internet. The Post's Caitlin Dewey explains. (Jorge Ribas/The Washington Post)