Last.fm suffered a data breach in 2012 but someone just dumped the data after 4 years.
Just like the Internet Movie Database (IMDb), there is an online database for music fans, and it’s called Last.fm. The reason we are discussing Last.fm is that it suffered a security breach in June 2012, and now, after 4 years, hackers have leaked the stolen data on the Internet.
The data was verified by data breach notification site LeakedSource, which also confirmed that the total number of compromised user accounts is 43,570,999, where each account contains a username, email address, password, date of joining and other related data.
Last.fm, on the other hand, did release a statement back in 2012 acknowledging the hack; however, understandably, the company wasn’t expecting the data to show up after 4 years. According to Last.fm’s statement in 2012:
“We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.”
In an exclusive conversation with one of the LeakedSource team members, HackRead was told that the leaked passwords were stored using unsalted MD5 hashing, allowing the researchers to break 98% of the passwords.
Now we currently have 98% of last.fm passwords cracked and converted to plaintext, a 2% increase from yesterday
— LeakedSource (@LeakedSource) September 1, 2016
LeakedSource also said the reason behind these high-profile breaches from 2012 suddenly popping up could be that,
“There may have been an Apache or Linux 0day in 2012, however, proper security spending to detect intrusions would still have helped them tremendously.”
Here is a list of the top 20 passwords used by Last.fm users, and one must salute them for being so naive about their online security. The term “123456” was used by 255,219 users, the word “password” was used as a password by 92,652 users, and 66,857 users used “lastfm” as their password.
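Why unsalted MD5 combined with heavily reused passwords made the 98% figure possible, as an added example that is not from the article or from Last.fm: identical passwords store identical hashes, so a table computed once applies to every account, while a per-user salt with a slow KDF removes that shortcut. The account names, the fourth password and the PBKDF2 parameters are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not leak data); the three common passwords
# are the ones the article names, the fourth is made up.
ACCOUNTS = [("alice", "123456"), ("bob", "password"), ("carol", "123456"),
            ("dave", "lastfm"), ("erin", "123456"), ("frank", "t7#Qm-vineyard-41")]
COMMON = ["123456", "password", "lastfm"]

def md5_unsalted(password: str) -> str:
    """Weak scheme described in the article: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_salted(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Hardened scheme (assumption, not from the article): salt + slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def store_unsalted(accounts):
    return {user: md5_unsalted(pw) for user, pw in accounts}

def store_salted(accounts, iterations: int = 600_000):
    out = {}
    for user, pw in accounts:
        salt = os.urandom(16)  # unique random salt per account
        out[user] = (salt, pbkdf2_salted(pw, salt, iterations))
    return out

def verify_salted(record, password: str, iterations: int = 600_000) -> bool:
    salt, expected = record
    return hmac.compare_digest(pbkdf2_salted(password, salt, iterations), expected)

def accounts_sharing_a_hash(hashes) -> int:
    """Accounts whose stored value is identical to another account's."""
    counts = Counter(hashes)
    return sum(n for n in counts.values() if n > 1)

def exposed_by_one_table(unsalted_db, wordlist) -> int:
    """Accounts revealed by a single table computed once for the whole database."""
    table = {md5_unsalted(w) for w in wordlist}
    return sum(1 for h in unsalted_db.values() if h in table)

if __name__ == "__main__":
    weak, strong = store_unsalted(ACCOUNTS), store_salted(ACCOUNTS)
    print("unsalted, accounts sharing a hash:", accounts_sharing_a_hash(weak.values()))
    print("unsalted, exposed by one 3-entry table:", exposed_by_one_table(weak, COMMON))
    print("salted, accounts sharing a hash:",
          accounts_sharing_a_hash(h for _, h in strong.values()))
```

With salted records each guess has to be recomputed per account at the full KDF cost, which does not protect a password like “123456” but does stop one computation from covering every user who chose it.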
This is the second massive breach to make the news this week. Just a couple of days ago, hackers dumped 68M Dropbox passwords from a breach that took place in 2012.