/>
X

Last.fm password leak could affect millions of users

Last.fm is investigating a data breach that security experts believe could see several million users' passwords exposed
tom-espiner.jpg
Written by Tom Espiner, Senior Reporter on

Millions of Last.fm users may have been affected by a password security breach, according to computer security experts.

Last.fm confirmed it was investigating a breach on Thursday, and warned all of its users to change their passwords in a security advisory.

"We are currently investigating the leak of some Last.fm user passwords," said the company. "This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we're asking all our users to change their passwords immediately."

Up to 17.3 million unique MD5 hashes — which can be cracked to indicate unique passwords — appeared on a hacking forum in 2011 and could be used to reveal Last.fm users' passwords, according to security company KoreLogic.

"The list has been 'out there' for a long time," one of the KoreLogic team said in a Reddit comment on Thursday. "I talked about it privately at 2011 DEFCON. It was originally posted by 'bad guys' on password cracking websites last year. I grabbed it, but it was promptly deleted."

Common Last.fm passwords included 'lastfm', 'last' and 'love', said KoreLogic, which will host the 'Crack Me If You Can' competition at the DefCon 2012 security conference.

Computer security publication Heise Security put a more conservative number of around 2.5 million unsalted MD5 hashes as being compromised. Heise said it had a list of 'unsalted hashes that are trivial to crack', and that at least one million hashes had been cracked, and passwords posted on the internet.

Last.fm, a sister company to ZDNet UK, joins social networking site LinkedIn and dating site eHarmony in disclosing that user passwords had been compromised this week.


Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.

Related

He flew American Airlines, she flew United. For both, the unthinkable happened
screen-shot-2022-06-30-at-10-14-36-am.png

He flew American Airlines, she flew United. For both, the unthinkable happened

Business
Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web
close-up-of-a-womans-hands-typing-on-a-keyboard-in-the-dark.jpg

Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web

Security
CERN is firing up its Large Hadron Collider at record energy levels, in search of dark matter
cern-photo-202011-145-2.jpg

CERN is firing up its Large Hadron Collider at record energy levels, in search of dark matter

Innovation