New leak: 43 million Last.Fm accounts published online



    The LeakedSource site has published a database containing data on more than 43.5 million user accounts of the streaming service Last.Fm. Reportedly, the data was stolen back in 2012, when the service was subjected to a hacker attack.

    What the problem is


    In 2012, Last.Fm representatives acknowledged the hack, though not right away, and until now the extent of the leak was unclear. Incidentally, Dropbox user data was also stolen in 2012; however, there is no information on whether these attacks are related. LeakedSource, which has a copy of the stolen password database at its disposal, indicates that the passwords were stored as MD5 hashes without salt.

    The algorithm used does not provide serious protection for the data in the event of a breach: it took LeakedSource representatives just two hours to crack the hashes and recover 96% of the passwords.

    Representatives of the resource also note that Last.Fm users chose extremely weak passwords:

    • 255,319 people used the string 123456 as a password;
    • 92,652 users set the word 'password' as a password;
    • Nearly 67,000 chose the password 'lastfm';
    • About 64,000 users settled on 123456789;
    • Another 46,000 people chose the password 'qwerty';
    • Nearly 36,000 people used the password 'abc123'.
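
    Why unsalted MD5 offers so little protection, and what a salted, memory-hard scheme changes, shown as an added example (not code from Last.Fm or LeakedSource). The account names and passwords are constructed, and scrypt with these parameters is an assumed choice of replacement.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not data from the leak).
ACCOUNTS = {
    "alice": "123456",
    "bob": "123456",
    "carol": "lastfm",
    "dave": "correct horse battery staple",
}

def md5_unsalted(password: str) -> str:
    """The weak scheme the article describes: a bare MD5 digest, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def scrypt_record(password: str) -> tuple[bytes, bytes]:
    """Hardened form (assumed choice): random per-user salt plus a memory-hard KDF."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def scrypt_verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return hmac.compare_digest(digest, expected)

def shared_digests(table: dict) -> int:
    """Count accounts whose stored value is identical to another account's."""
    counts = Counter(table.values())
    return sum(c for c in counts.values() if c > 1)

def build_tables():
    """Store the same accounts under both schemes for comparison."""
    weak = {u: md5_unsalted(p) for u, p in ACCOUNTS.items()}
    strong = {u: scrypt_record(p) for u, p in ACCOUNTS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    # Without salt, equal passwords give equal digests, so one guess covers every such account.
    print("unsalted MD5, accounts sharing a digest:", shared_digests(weak))
    # With per-user salts, every record is unique and each guess costs a full scrypt run per account.
    print("salted scrypt, accounts sharing a record:", shared_digests(strong))
    print("login check still works:", scrypt_verify("lastfm", strong["carol"]))
```
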

    What users should do


    Last.Fm user data has been added to the LeakedSource database; to find out whether their information was leaked, users can use the search on the site's main page. Even if the account is not listed as compromised according to this resource, it makes sense to change the Last.Fm password. If the same password is used on other resources, the credentials should be changed there as well.

    Breaches like the one described have been happening regularly of late. Last.Fm has become yet another major service to join the company of LinkedIn, MySpace, VKontakte, Tumblr and Dropbox, whose user data also leaked online.
