Last.fm Hack Exposes 43 Million User Passwords

Another day, another mega breach. This time, it’s social music website Last.fm, which was hacked in 2012, leaving over 43 million user accounts compromised. The details of the breach were made public this week by Leaked Source, a website that tracks leaked databases. This comes off the back of revelations that a Dropbox hack that occurred a few years back let hackers get their hands on over 68 million user credentials. What makes this Last.fm breach worse is that the website used an insecure method to store its user passwords. Here are the details.

Last.fm was already aware that it had been hacked back in 2012 but the extent of the breach was unknown until Leaked Source got its hands on data that contained the username, email, address, password and other internal information of 43,570,999 Last.fm accounts.

What makes this Last.fm hack particularly bad is the way the passwords were stored. According to Leaked Source:

“Passwords were stored using unsalted MD5 hashing. This algorithm is so insecure it took us two hours to crack and convert over 96% of them to visible passwords, a sizeable increase from prior mega breaches made possible because we have significantly invested in our password cracking capabilities for the benefit of our users.”

Here are the five most common passwords that were used:

  1. 123456
  2. password
  3. lastfm
  4. 123456789
  5. qwerty
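To show why the storage method matters, here is an added example (not code from Last.fm or Leaked Source) comparing unsalted MD5 with a salted, deliberately slow hash. The account names, the PBKDF2 choice and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not data from the breach); the passwords are
# taken from the article's most-common list.
ACCOUNTS = [("alice", "123456"), ("bob", "password"), ("carol", "123456"),
            ("dave", "lastfm"), ("erin", "123456")]

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def md5_unsalted(password: str) -> str:
    """The weak scheme the article describes: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted(password: str) -> tuple[bytes, bytes]:
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                    PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def shared_hash_groups(stored: dict) -> int:
    """Count stored values that appear on more than one account."""
    counts = Counter(stored.values())
    return sum(1 for n in counts.values() if n > 1)


weak_table = {user: md5_unsalted(pw) for user, pw in ACCOUNTS}
strong_table = {user: hash_salted(pw) for user, pw in ACCOUNTS}

if __name__ == "__main__":
    print("unsalted MD5, values shared between accounts:",
          shared_hash_groups(weak_table))
    print("salted PBKDF2, values shared between accounts:",
          shared_hash_groups(strong_table))
```

With unsalted MD5, every account using the same password stores the same value, so one recovered password exposes all of them at once; with a per-user salt, each record has to be worked on separately and at the slow KDF's cost.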

If you have a Last.fm account and want to find out if it has been compromised, you can do so over at Leaked Source’s search engine.

[Via Leaked Source]

