I used to hear horror stories about taking the exam. Today people tell a much, much different story. The exam is now simply used as a benchmark or checkbox to admission for most security positions.

If you knew what you were doing before, knowledge and experience now take a back seat to increasing certified individuals for a little in demand market.

At over 125,000 passed exams it really cannot nor should not be considered "difficult" any longer.

I just passed it Wednesday and it was pretty tough...   I wouldn't want to do it again.  I memorized the Conrad book and could probably write it from scratch. 

I reached out to a few people online who (as you said) passed after studying "only a few weeks" and found some surprising hidden facts.

For example, in one case the individual had technically studied for "only four weeks" -- yet when pressed he opened up and stated he had taken those four weeks off work, studied 10-12 hours per day nonstop, and had 18 years hands-on security experience at multiple levels. He also stated there was "no way" he would have been able to study "just a few weeks" while working a full-time job and not having that extensive experience behind him. Others had similar stories -- overstudied, many years experience, or some combination.

So I'm not sure I would completely accept public statements as the only source, since there will be a bit of availability bias there as well -- more people will want to brag about passing than admit failure, regardless of the test method used.

I'll also add that a colleague of mine just passed a few weeks ago and rated it as the most difficult test he has ever taken in his life. And he has 20+ years IT experience.