/

What happened in the Last Fm data breach?

What happened in the Last Fm data breach?

Twingate Team

Apr 17, 2024

In March 2012, music website Last.fm experienced a significant data breach that was not fully understood until September 2016. The breach involved unauthorized access to user accounts, and although Last.fm was aware of the incident, the true extent of the breach was not known until years later.

How many accounts were compromised?

The breach compromised data of approximately 37 million users.

What data was leaked?

The data exposed in the breach included email addresses, passwords, usernames, and website activity of the affected users.

How was Last Fm hacked?

In the 2012 Last.fm data breach, hackers managed to steal over 43 million user accounts, including email addresses, usernames, and passwords stored as unsalted MD5 hashes. The breach was not fully understood until 2016 when breach notification site LeakedSource obtained a copy of the database and decrypted over 96% of the passwords in just two hours. Specific details about how the hack occurred and the methods used by the hackers were not disclosed in the available sources.

Last Fm's solution

In response to the data breach, Last.fm took immediate action by asking all users to change their passwords as a precautionary measure. While specific enhanced security measures were not disclosed in the available sources, it can be inferred that Last.fm likely reviewed and updated their password storage methods, considering the unsalted MD5 hashing used at the time was deemed insecure. The incident also served as a reminder for users to create strong and unique passwords for their accounts to minimize the risk of future breaches.

How do I know if I was affected?

Last.fm has not explicitly mentioned reaching out to affected users in the available sources. However, if you're a Last.fm user and want to check if your credentials were compromised in this or any other data breach, you can visit HaveIBeenPwned.


What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.


Where can I go to learn more?

If you want to find more information on the Last.fm data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

What happened in the Last Fm data breach?

What happened in the Last Fm data breach?

Twingate Team

Apr 17, 2024

In March 2012, music website Last.fm experienced a significant data breach that was not fully understood until September 2016. The breach involved unauthorized access to user accounts, and although Last.fm was aware of the incident, the true extent of the breach was not known until years later.

How many accounts were compromised?

The breach compromised data of approximately 37 million users.

What data was leaked?

The data exposed in the breach included email addresses, passwords, usernames, and website activity of the affected users.

How was Last Fm hacked?

In the 2012 Last.fm data breach, hackers managed to steal over 43 million user accounts, including email addresses, usernames, and passwords stored as unsalted MD5 hashes. The breach was not fully understood until 2016 when breach notification site LeakedSource obtained a copy of the database and decrypted over 96% of the passwords in just two hours. Specific details about how the hack occurred and the methods used by the hackers were not disclosed in the available sources.

Last Fm's solution

In response to the data breach, Last.fm took immediate action by asking all users to change their passwords as a precautionary measure. While specific enhanced security measures were not disclosed in the available sources, it can be inferred that Last.fm likely reviewed and updated their password storage methods, considering the unsalted MD5 hashing used at the time was deemed insecure. The incident also served as a reminder for users to create strong and unique passwords for their accounts to minimize the risk of future breaches.

How do I know if I was affected?

Last.fm has not explicitly mentioned reaching out to affected users in the available sources. However, if you're a Last.fm user and want to check if your credentials were compromised in this or any other data breach, you can visit HaveIBeenPwned.


What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.


Where can I go to learn more?

If you want to find more information on the Last.fm data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

What happened in the Last Fm data breach?

Twingate Team

Apr 17, 2024

In March 2012, music website Last.fm experienced a significant data breach that was not fully understood until September 2016. The breach involved unauthorized access to user accounts, and although Last.fm was aware of the incident, the true extent of the breach was not known until years later.

How many accounts were compromised?

The breach compromised data of approximately 37 million users.

What data was leaked?

The data exposed in the breach included email addresses, passwords, usernames, and website activity of the affected users.

How was Last Fm hacked?

In the 2012 Last.fm data breach, hackers managed to steal over 43 million user accounts, including email addresses, usernames, and passwords stored as unsalted MD5 hashes. The breach was not fully understood until 2016 when breach notification site LeakedSource obtained a copy of the database and decrypted over 96% of the passwords in just two hours. Specific details about how the hack occurred and the methods used by the hackers were not disclosed in the available sources.

Last Fm's solution

In response to the data breach, Last.fm took immediate action by asking all users to change their passwords as a precautionary measure. While specific enhanced security measures were not disclosed in the available sources, it can be inferred that Last.fm likely reviewed and updated their password storage methods, considering the unsalted MD5 hashing used at the time was deemed insecure. The incident also served as a reminder for users to create strong and unique passwords for their accounts to minimize the risk of future breaches.

How do I know if I was affected?

Last.fm has not explicitly mentioned reaching out to affected users in the available sources. However, if you're a Last.fm user and want to check if your credentials were compromised in this or any other data breach, you can visit HaveIBeenPwned.


What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.


Where can I go to learn more?

If you want to find more information on the Last.fm data breach, check out the following news articles: