Here’s yet another hack from 2012 where the data are now first circulating online. See previous coverage of the Last.fm hack here.
Today LeakedSource announced that they had added the Last.fm data to their repository:
Music service Last.fm was hacked on March 22nd, 2012 for a total of 43,570,999 users. This data set was provided to us by [email protected] and Last.fm already knows about the breach but the data is just becoming public now like all the others.
Each record contains a username, email address, password, join date, and some other internal data. We verified the legitimacy of this data set with Softpedia reporter Catalin C who was in the breach himself along with his colleagues.
[…]
Passwords were stored using unsalted MD5 hashing. This algorithm is so insecure it took us two hours to crack and convert over 96% of them to visible passwords, a sizeable increase from prior mega breaches made possible because we have significantly invested in our password cracking capabilities for the benefit of our users.
For additional analyses of passwords and emails, see LeakedSource.com. You can also go to their home page to search to see if your information was caught up in any incident they’ve archived.