
The site LeakedSource has published a database containing the data of more than 43.5 million accounts of users of the streaming service Last.Fm. According to reports, the data was stolen back in 2012, when the service was subjected to a hacker attack.
What is the problem
In 2012, representatives of Last.Fm acknowledged the hack, but not immediately, and the scale of the leak was still unclear at the time. Incidentally, Dropbox user data was also stolen in 2012, but there is no information yet on whether the two attacks are connected. LeakedSource, which holds a copy of the stolen password database, states that the passwords were stored as MD5 hashes without salt.
The algorithm used does not provide serious protection for the data in the event of a breach: cracking and recovering 96% of the passwords took LeakedSource representatives only two hours.
Representatives of the resource note that Last.Fm users use extremely weak passwords:
- 255,319 people used 123456 as a password;
- 92,652 users set the word 'password' as the password;
- Nearly 67,000 have chosen the password 'lastfm';
- About 64,000 users opted for 123456789;
- Another 46,000 people chose the password 'qwerty';
- Nearly 36,000 people used the password 'abc123'.
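Why unsalted MD5 exposes the weak passwords listed above, and what salted storage changes, shown as an added example that is not part of the original article. The account names are constructed, and PBKDF2-HMAC-SHA256 with a 16-byte per-user salt and 600,000 iterations is an assumed replacement scheme, not something Last.Fm is stated to use.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not data from the leak); passwords are ones the article lists.
ACCOUNTS = {
    "user1": "123456", "user2": "password", "user3": "123456",
    "user4": "lastfm", "user5": "123456", "user6": "qwerty",
}
ITERATIONS = 600_000  # assumed work factor for the hardened scheme

def md5_unsalted(password):
    """Storage scheme the article describes: plain MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_record(password, iterations=ITERATIONS):
    """Hardened record: random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def largest_duplicate_group(stored_values):
    """Size of the biggest set of accounts sharing one stored value."""
    return Counter(stored_values).most_common(1)[0][1]

def audit(iterations=ITERATIONS):
    """Compare how much each scheme reveals about shared passwords."""
    unsalted = {u: md5_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: pbkdf2_record(p, iterations) for u, p in ACCOUNTS.items()}
    return {
        "unsalted_largest_group": largest_duplicate_group(unsalted.values()),
        "salted_largest_group": largest_duplicate_group(r[2] for r in salted.values()),
        "verify_ok": pbkdf2_verify("123456", salted["user1"]),
        "verify_rejects": not pbkdf2_verify("password", salted["user1"]),
    }

if __name__ == "__main__":
    print(audit())
```

With unsalted MD5, every account using the same password stores the same value, so one recovered hash covers the whole group; with per-user salts each record has to be attacked separately, and the iteration count makes each guess expensive.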
What users should do
The data of Last.Fm users has been added to the LeakedSource database; to find out whether their information was leaked, users can use the search on the site's home page. Even if, according to this resource, the account is not compromised, it makes sense to change the Last.Fm password. If the same password is used on other sites, the credentials should be changed there as well.
Breaches like the one described have been happening regularly of late. Last.Fm is another major service to join LinkedIn, MySpace, VKontakte, Tumblr and Dropbox, whose user data has also leaked onto the Internet.