
LeakedSource confirms Last.fm hack affecting 43 million users

LeakedSource said that the password hashing algorithm is “so insecure” that it was able to crack over 96 percent of passwords in just two hours.


The database also contained hashed passwords, scrambled with the MD5 algorithm, which is now easy to crack. Of those, LeakedSource cracked 30,389 or 68%, and said that the remaining 91% of user passwords were hashed with “sha256crypt”; it estimated that cracking 60-70% of them would take nearly a year.

“We are now investigating the leak of some Last.fm user passwords”.

The disclosure of details from the historical Last.fm hack adds to a growing list of recent and historical hacks coming to light, a surprising number of them through LeakedSource, which claims to have even more databases to analyze before publishing the details.

LeakedSource said it obtained the stolen data from someone with the Jabber ID [email protected]. Passwords were hashed, but not securely by modern standards: they used the outdated MD5 hashing method and were not “salted”, a step that makes hashed passwords harder to crack.
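Why the missing salt matters for a password store, as an added example that is not from the article or from Last.fm: with bare MD5, every account using the same password stores the same digest, while a per-user random salt with a slow key-derivation function gives each account a distinct record. The sample accounts, function names and the PBKDF2 work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from any breach data).
USERS = [("alice", "123456"), ("bob", "password"),
         ("carol", "123456"), ("dave", "x9!Lq#72vT")]

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune for your own hardware


def md5_unsalted(password):
    """Legacy scheme the article describes: bare MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted(password, salt=None, rounds=PBKDF2_ROUNDS):
    """Hardened scheme: random 16-byte salt per account plus PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


def verify_salted(password, salt, digest, rounds=PBKDF2_ROUNDS):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)


def shared_digests(users, hasher):
    """Return {stored value: count} for values stored by more than one account."""
    counts = Counter(hasher(password) for _, password in users)
    return {value: n for value, n in counts.items() if n > 1}


if __name__ == "__main__":
    # Unsalted MD5: alice and carol are visibly linked by one shared digest.
    print("unsalted:", shared_digests(USERS, md5_unsalted))
    # Salted PBKDF2: no two stored records match, even for equal passwords.
    print("salted:  ", shared_digests(USERS, hash_salted))
    salt, digest = hash_salted("123456")
    print("verify ok:", verify_salted("123456", salt, digest))
```

When auditing an existing user table, a non-empty result from a duplicate-digest count like `shared_digests` is a quick sign that passwords are stored without a per-user salt.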

Last.fm now joins the ranks of other major services that have been breached and their data dumped online, either on Dark Web marketplaces or into the vaults of data breach index services like LeakedSource.

While Last.fm never revealed technical details of how the breach took place, some weak security measures were surely in play. Twitter hasn’t suffered a data breach, as far as we know.

If you have a Last.fm account and want to find out if it has been compromised, you can do so over at LeakedSource’s search engine. 255,319 people used the phrase “123456”, while 92,652 used “password”.


Softpedia has reached out to Last.fm to inform the company about the data dump’s resurgence and for additional comment, but has not received an answer in time for this article’s publication.

Hackers stole over 43 million Last.fm accounts in 2012 breach