43.5 MILLION LAST.FM ACCOUNT DETAILS SURFACE AFTER FOUR YEAR OLD DATA BREACH
Last.fm has become the latest service to have data from a historic breach become public online, according to reports. 43.5 million users’ details were stolen from the music site in March 2012, but breach-tracking service LeakedSource has now obtained a copy of the database.
According to the site, each record includes a username, email address, password, join date and some other data used internally by Last.fm.
The passwords were stored using unsalted MD5 hashing, allowing LeakedSource’s experts to convert more than 96 per cent of them to visible passwords in two hours.
“123456”, “password” and “lastfm” were the most popular passwords, reflecting the poor level of user security shown in other recent breaches.
“Music service Last.fm was hacked on March 22nd, 2012 for a total of 43,570,999 users,” LeakedSource said in a blog post analysing the data.
“This data set was provided to us by email@example.com and Last.fm already knows about the breach but the data is just becoming public now like all the others.”
Last week, 68 million Dropbox users were put at risk after a database from a previously-disclosed 2012 data breach was uncovered by researchers.
A batch of Twitter usernames and passwords were also discovered by LeakedSource, although it is believed the users were hacked, rather than Twitter itself.
It said it has “so many databases waiting to be added that if we were to add one per day it would take multiple years to finish them all”.
The breach-tracking website added it was “processing multiple more mega breaches”.
As always, users caught up in data breaches are advised to change their passwords both on the breached site and on any services where they used the same credentials.