Last.fm had close to 43 million accounts hacked back in 2012, and as with other recent hacking revelations, the details are coming out now.
The online music service advised all of its users to reset their passwords back in 2012 when it suffered the hack. This was after the hackers responsible had posted the users' passwords they had taken on a password cracking forum. The hackers had posted the passwords in their hashed form and were probably looking for help to crack the hashes. After the hack, Last.fm also changed the way it stored passwords, having admitted that prior to the hack it stored them with the weak MD5 algorithm and without salting.
Back then no one could put a number on the stolen account details, but details are now emerging. LeakedSource, the breach notification service, said it managed to get hold of close to 44 million accounts. The leaked data also seems to include usernames, email addresses, account passwords, users' registration dates and other internal data. The hacking incident was first reported back in 2012, but many researchers at the time indicated that the hack might have happened a few months earlier than that. LeakedSource managed to confirm that the hack had actually taken place on March 22, 2012.
Within two hours, LeakedSource had already managed to crack 96 percent of the weakly hashed, unsalted MD5 passwords. Analysis of the passwords showed that they were not only easy to crack but also easy to guess. Some of them were 123456, password, lastfm, and 123456789.
Revelations about hacking incidents that happened in 2012 have been coming out recently. Another 2012 victim is Dropbox, where it was revealed that 68 million accounts had been taken from the site. Fortunately for Dropbox, its passwords were better protected, with salted SHA1 and bcrypt, and were therefore a bit harder to crack.
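The gap between unsalted MD5 and salted hashing described above, shown as an added example (not code from Last.fm, Dropbox or LeakedSource). It measures how many accounts share a stored hash under unsalted MD5, then wraps the legacy digests in salted PBKDF2 as one possible upgrade path. PBKDF2 from the Python standard library stands in for bcrypt, and the account rows, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 600_000  # assumption: tune to your hardware and policy

# Constructed sample rows (not breach data); passwords are ones the article lists.
ACCOUNTS = [("alice", "123456"), ("bob", "password"), ("carol", "123456"),
            ("dave", "lastfm"), ("erin", "123456")]


def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest: the weak scheme the article describes."""
    return hashlib.md5(password.encode()).hexdigest()


def shared_hash_ratio(hashes) -> float:
    """Fraction of accounts whose stored hash also appears on another account."""
    counts = Counter(hashes)
    return sum(c for c in counts.values() if c > 1) / len(hashes)


def wrap_legacy(md5_hex: str, salt: bytes = b"") -> str:
    """Upgrade a stored MD5 digest in place: salted PBKDF2 over the old digest."""
    salt = salt or os.urandom(16)  # fresh random salt per account
    dk = hashlib.pbkdf2_hmac("sha256", md5_hex.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Check a login against a wrapped record, comparing in constant time."""
    salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", legacy_md5(password).encode(),
                             bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    old = [legacy_md5(pw) for _, pw in ACCOUNTS]
    new = [wrap_legacy(h) for h in old]
    print("accounts sharing a hash, unsalted MD5:", shared_hash_ratio(old))
    print("accounts sharing a hash, salted PBKDF2:", shared_hash_ratio(new))
    print("existing password still verifies:", verify("lastfm", new[3]))
```

Wrapping lets every stored record be upgraded at once without waiting for users to log in; records can later be rehashed from the plain password at the next successful login.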
Last.fm was contacted for comment but has not replied to the requests.
LeakedSource has been adding various breaches to its database, which it says already houses close to 2 billion leaked records. The site also said it was looking to add more from the mega breaches that have happened over the years. The company said it had so many databases to add that, if it were to add one a day, it would take years to finish them all.
Some of the mega breaches that have come to the forefront this year but happened years back include those of Mail.Ru, VK.com, LinkedIn, MySpace and Tumblr.