Hackers Stole Over 43 Million Last.fm Accounts In 2012 Breach (zdnet.com)
The aftermath of 2012's infamous hack is shaping up to be more serious than we had anticipated. An anonymous reader writes: Last.fm suffered a data breach back in 2012, but details of the attack were not disclosed. On Thursday, breach notification site LeakedSource, which obtained a copy of the database and posted details of the hack in a blog post, said more than 43.5 million accounts were stolen.
The database also contained hashed passwords, scrambled with the MD5 algorithm that nowadays is easy to crack. LeakedSource said that the algorithm is "so insecure" that it was able to decipher over 96 percent of passwords in just two hours.
Although the world didn't end in 2012, hackers were quite busy that year.
The usual: password re-use. You use this list to try to break into somewhere else.
"Believe me!" -- Donald Trump
Someone has an MD5 search to see if your password shows up:
https://lastpass.com/lastfm/
When I try it, it throws an error ... anyways ...
I should put one of those up. It's a great way to harvest passwords.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Agreed!
Site A: super secure secret hashing function.
Site B: a different super secure secret hashing function.
Site C: crappy hashing function
Dumbass user: Re-uses same password on all three sites. BOOM, all three sites are now compromised. You're only as strong as your weakest link.
The lessons should be:
* Use a unique password for every site
* Use a password manager