User data harvested from the 2012 Last.fm security breach has been published on the Internet. 43 million usernames and passwords are available for criminal use.
The Last.fm Dump Has Data from the 2012 Security Breach
The incident occurred in June 2012 when Last.fm detected a security breach that resulted in a forced password reset issued by the security staff of the service. Multiple users reported receiving spam messages and 1.5 million account passwords were posted on a security forum. This led to the conclusion that a security breach had occurred. The Last.fm staff did not reveal any details about the issue. However, security experts suspect that weak security measures were one of the main reasons.
Now 43 million usernames and passwords have been posted online, all of them harvested from this single incident. The information was posted by Leaked Source, a legitimate source of information. The site reported that it took about two hours to crack 96% of the passwords, as they were stored using an unsalted MD5 hashing algorithm that is very easy to crack.
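Why unsalted MD5 storage is weak, shown as an added example (not code from Last.fm or Leaked Source): identical passwords produce identical stored values under unsalted MD5, while a per-user random salt with a slow key-derivation function does not. The account names, passwords, function names and the PBKDF2-HMAC-SHA256 parameters are constructed assumptions, not details from the article.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts for illustration; not taken from any dump.
ACCOUNTS = [("alice", "letmein"), ("bob", "letmein"), ("carol", "S3parate!")]
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def md5_unsalted(password):
    """Weak storage as described in the article: one fast MD5 call, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_hash(password, salt=None):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS, dklen=32
    )
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = pbkdf2_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_values(stored):
    """Count accounts whose stored value is identical to another account's."""
    counts = Counter(stored)
    return sum(c for c in counts.values() if c > 1)


def compare_schemes(accounts=ACCOUNTS):
    """Return (accounts sharing a value under MD5, same under salted PBKDF2)."""
    legacy = [md5_unsalted(pw) for _, pw in accounts]
    hardened = [pbkdf2_hash(pw)[1] for _, pw in accounts]
    return shared_values(legacy), shared_values(hardened)


if __name__ == "__main__":
    print(compare_schemes())
```

Under unsalted MD5 the two accounts with the same password share one stored value, so recovering it once exposes both; with a per-user salt every account has to be worked on separately, and each guess costs the full iteration count.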
The exposed data includes username, email address, password, join date and internal service data such as campaign hits, banned users, newsletter details, user invites, web player details, and more.
Several experts have validated the claims by accessing some user accounts. The Leaked Source website has reported that the dump was provided by a person using the Jabber ID [email protected]. This makes Last.fm only the latest victim of major account leaks against top companies.
Last.fm is a popular service used by millions of users worldwide. It gives them the ability to “scrobble” the music they listen to by sharing it with the Internet using plugins for the most popular music players. The service profiles each user based on their music preferences and creates playlists that match the users' tastes. Discussion forums are also available for their convenience. The service is mainly funded by advertising and paid subscriptions.