
43 million Last.fm users' passwords were stolen, so stop using that one old password already

Sep 2, 2016, 14:29 IST

Business Insider

Last.fm was hacked in 2012 - and we're now learning just how serious it was.

The music streaming site and social network disclosed several years ago that it had been breached, informing users in a statement that "we are currently investigating the leak of some Last.fm user passwords," and prompting all users to change their passwords.

Now, breach monitoring service LeakedSource has received the stolen user data and analysed it - and says that all in all, 43,570,999 users' details were affected.

The stolen info included user email addresses and passwords. The passwords were not stored in plain text, but they were not protected securely by modern standards: Last.fm used the outdated MD5 hashing method to secure them, and didn't "salt" them - a way to make hashed passwords harder to crack.

As a result, "it took us two hours to crack and convert over 96% of them to visible passwords," LeakedSource says.
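The difference between the storage scheme described above and a salted one, as an added example that is not code from Last.fm, LeakedSource or Business Insider. The account names, the function names and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations as the hardened scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; three reuse passwords the article lists as most common.
USERS = {"alice": "123456", "bob": "123456", "carol": "lastfm", "dave": "Xk9#vT2q!mLp"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def md5_unsalted(password):
    """Scheme described in the article: a single fast MD5 pass with no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """Hardened form: random per-user salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)


def shared_values(table):
    """Group accounts whose stored value is identical (visible to anyone holding the dump)."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    weak = {u: md5_unsalted(p) for u, p in USERS.items()}
    strong = {u: salted_record(p) for u, p in USERS.items()}
    print("unsalted MD5, accounts sharing a hash:", shared_values(weak))
    print("salted PBKDF2, accounts sharing a record:", shared_values(strong))
    print("login still works:", verify("lastfm", strong["carol"]))
```

Without a salt, every account with the same password stores the same value, so a single guess is checked against the whole table at once; with a per-user salt and a slow function, each guess has to be recomputed for each account.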

The site's analysis of the passwords reveals that the most popular ones were extremely weak. 255,319 people used the phrase 123456, while 92,652 used password. In third place was lastfm with almost 67,000, followed by 123456789 (just under 64,000), qwerty (46,000), and then abc123 (36,000).

Old data breaches like this can often result in new hacks of user accounts on other websites - because lots of people re-use the same passwords over and over. Would-be hackers comb through archives of old breaches for usernames and passwords and then try them on other sites and services. There has been a spate of hacks targeting high-profile Twitter accounts in recent months, including those of Facebook CEO Mark Zuckerberg and Kylie Jenner, using exactly this tactic.

And hackers were able to steal the details of nearly 70 million users from Dropbox back in 2012 because an employee who had access to the information had re-used a password - so a hacker was able to gain access to his account via a previous breach of another site.

Security experts recommend that you use a strong, unique password for every site or service you sign up for - using a password manager app to record them all if necessary.
