Data breach and hacking notification site LeakedSource has uncovered new information regarding the 2012 hack on Last.fm. Although the service issued a mandatory password change years ago, the scope of the hack is frightening to say the least.
According to the site, a total of 43,570,999 Last.fm users had their accounts compromised on March 22, 2012. Each record contained a username, e-mail address and password as well as some other internal data. Worse yet, the passwords were stored using unsalted MD5 hashing, which was cracked at an accuracy rate of 96 percent in just two hours.
Unsurprisingly, the cracked password data reveals that many people used the most mundane of passwords. For example, the password “123456” was used by more than a quarter of a million people while “password” was the password of choice for more than 90,000 members. “lastfm” was also a popular choice, as were “123456789” and “qwerty.” As for e-mail providers, most used Hotmail, Gmail and Yahoo Mail (in that order).
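The storage weakness described above, shown as an added example that is not from the article or from Last.fm: constructed sample passwords are stored once with unsalted MD5 and once with salted PBKDF2 (used here as a stand-in for any slow, salted password KDF). Identical passwords share one MD5 digest, so every account using a common password is exposed together; the user names, iteration count and function names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample accounts (not breach data); two users share a password.
USERS = {"alice": "123456", "bob": "123456", "carol": "qwerty"}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def md5_unsalted(password: str) -> str:
    """Scheme the article describes: one fast MD5 pass, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_hash(password: str, salt: Optional[bytes] = None):
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def pbkdf2_verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = pbkdf2_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_digest_groups(table: dict) -> list:
    """Groups of users whose stored value is byte-for-byte identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def build_tables():
    """Store the same sample accounts under both schemes."""
    weak = {u: md5_unsalted(p) for u, p in USERS.items()}
    strong = {u: pbkdf2_hash(p) for u, p in USERS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted MD5 duplicates: ", shared_digest_groups(weak))
    print("salted PBKDF2 duplicates:", shared_digest_groups(strong))
```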
The data also provides an interesting look at the site’s growth over the years. In 2002, for example, Last.fm added 3,455 users – a figure that climbed to 33,234 a year later. It wouldn’t be until 2006 that the site added more than a million users in a single year. Based on the breached data, Last.fm hit its peak in 2009 when it added more than 10.5 million users.
In retrospect, 2012-2013 was a seriously bad time for data breaches. In recent months, breaches from that time period involving Dropbox, VK.com, LinkedIn, Myspace and Tumblr have cropped up and, according to LeakedSource, there are countless databases in the queue that they haven’t even probed through yet.