43 million Last.fm users' passwords were stolen, so stop using that one old password already
Business Insider
The music streaming site and social network disclosed several years ago that it had been reached, informing users in a statement that "we are currently investigating the leak of some Last.fm user passwords," and prompting all users to change their passwords.
Now, breach monitoring service LeakedSource has received the stolen user data and analysed it - and says that all in all, 43,570,999 users' details were affected.
The stolen info included user email addresses, and passwords. Passwords were encrypted, but not securely by modern standards: They used the outdated MD5 hashing method to secure them, and didn't "salt" them - a way to make encrypted passwords harder to crack.
As a result, "it took us two hours to crack and convert over 96% of them to visible passwords," LeakedSource says.
The site's analysis of the password reveals that the most popular passwords were extremely weak. 255,319 people used the phrase 123456, while 92,652 used password. In third place was lastfm with almost 67,000, followed by 123456789 (just under 64,000), qwerty (46,000), and then abc123 (36,000).
Old data breaches like this can often result in new hacks of user accounts on other websites - because lots of people re-use the same passwords over and over. Would-be hackers comb through archives of old breaches for usernames and passwords and then try them on other sites and services. There has been a spate of hacks targetting high-profile Twitter accounts in recent months, including Facebook CEO Mark Zuckerberg and Kylie Jenner, using exactly this tactic.
And hackers were able to steal the details of nearly 70 million users from Dropbox back in 2012 because an employee who had access to the information had re-used a password - so a hacker was able to gain access to his account via a previous breach of another site.
Security experts recommend you should use a strong, unique password for every site or service you sign up for - using a password manager app to record them all if necessary.
NOW WATCH: The best way to use incense in 'Pokémon GO'
- 2 states where home prices are falling because there are too many houses and not enough buyers
- US buys 81 Soviet-era combat aircraft from Russia's ally costing on average less than $20,000 each, report says
- A couple accidentally shipped their cat in an Amazon return package. It arrived safely 6 days later, hundreds of miles away.
- 9 health benefits of drinking sugarcane juice in summer
- 10 benefits of incorporating almond oil into your daily diet
- From heart health to detoxification: 10 reasons to eat beetroot
- Why did a NASA spacecraft suddenly start talking gibberish after more than 45 years of operation? What fixed it?
- ICICI Bank shares climb nearly 5% after Q4 earnings; mcap soars by ₹36,555.4 crore