Hackers stole over 43 million Last.fm accounts in 2012 breach

New details have now emerged about the historical hack.
Written by Zack Whittaker, Contributor

New details about a historical hack of music website Last.fm have come to light.

Last.fm, owned by CBS (which also owns ZDNet and sister website CNET), suffered a data breach in 2012, but details of the attack were not disclosed. Reports suggested the service had an estimated 40 million users at the time.

On Thursday, breach notification site LeakedSource, which obtained a copy of the database and posted details of the hack in a blog post, said more than 43.5 million accounts were stolen.

LeakedSource was able to confirm that usernames, email addresses, join date, and other internal records, such as newsletter sign-ups and ad-related data, were stolen in the breach

The database also contained hashed passwords, scrambled with the MD5 algorithm that nowadays is easy to crack. LeakedSource said that the algorithm is "so insecure" that it was able to decipher over 96 percent of passwords in just two hours.

ZDNet was able to independently verify the legitimacy of the data.

LeakedSource added the breached site and forum data into its database, which lets possible victims of the breach search their data.

Editorial standards