
43 million passwords hacked in Last.fm breach


o00o


nobody uses this anymore right? still some of you might have old accounts there:

 

 

Crikey: 43,570,999 user accounts were breached in a hack of Last.fm that occurred in March of 2012, according to a report from LeakedSource. Three months after the breach, in June of 2012, Last.fm issued the following statement: 

 
“We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.”
 
The number of passwords and the severity of the hack were not uncovered until today. The passwords were stored using unsalted MD5 hashing. Rather than storing passwords in plaintext, nearly every site that stores critical user information utilizes some form of hashing. Hashing is a method for encrypting data, but some methods are far superior to others.
 
MD5 is seriously out of style, in part because it is not mathematically intensive enough to resist modern methods of brute-force cracking. Moreover, Last.fm didn’t use salt in its hashing process. Salting is the practice of adding a random string of numbers to the hash for each individual password, making them more secure and decreasing the likelihood that they will be cracked if the passwords are ever leaked online. Unfortunately, Last.fm did not take that step, and LeakedSource reports that most of the passwords were easily cracked.
 
For the second time this week, our advice is that you change your password immediately if you have an account on Last.fm. The most popular password pulled from the Last.fm database was 123456. Seriously, it’s 2016 people — use a platform like LastPass to generate randomized, complex passwords that are unique to every service for which you sign up.

 

https://techcrunch.com/2016/09/01/43-million-passwords-hacked-in-last-fm-breach/
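Added example, not part of the original post or the quoted article: a comparison of the unsalted MD5 storage the article describes with a per-user salted, slow hash. The account names and passwords are constructed, and scrypt with these parameters is an assumed choice of salted scheme; the article does not name one.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not data from the breach).
USERS = {"alice": "123456", "bob": "123456", "carol": "correct horse battery"}


def md5_unsalted(password):
    """Storage scheme the article describes: a bare MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()


def scrypt_salted(password, salt=None):
    """Per-user random salt plus a deliberately slow, memory-hard KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_salted(password, salt)[1], expected)


def shared_hash_groups(stored):
    """Accounts whose stored value is identical, i.e. visibly the same password."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


def build_tables(users):
    """Store the same accounts under both schemes for comparison."""
    legacy = {u: md5_unsalted(p) for u, p in users.items()}
    hardened = {u: scrypt_salted(p) for u, p in users.items()}
    return legacy, hardened


if __name__ == "__main__":
    legacy, hardened = build_tables(USERS)
    print("unsalted MD5, shared hashes:", shared_hash_groups(legacy))
    print("salted scrypt, shared hashes:",
          shared_hash_groups({u: d for u, (_, d) in hardened.items()}))
    print("alice verifies:", verify("123456", *hardened["alice"]))
```

With unsalted MD5, every account using 123456 stores the same value, so one recovered password exposes all of them; with a per-user salt the stored values differ even for identical passwords.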


i been wondering about using a password manager, but i am looking for a free non-intrusive program that works on phone, windows and ubuntu and also works when logging in on public computers. basically i have no idea how they work and need suggestions.


i been wondering about using a password manager, but i am looking for a free non-intrusive program that works on phone, windows and ubuntu and also works when logging in on public computers. basically i have no idea how they work and need suggestions.

Bizarrely it seems like the most secure way to store passwords nowadays is to just write them on a piece of paper that you keep with you ....

this probably hasn't been updated for the last.fm thing yet, but it's pretty useful:

 

https://haveibeenpwned.com

 

I've been guilty of re-using a weak default password on multiple sites in the past, several of these show up as breached if I enter my email addresses into the site above. Pretty sure there are still multiple old logins to various sites flying around where one would just need to copipasta the credentials...

 

Using iCloud keychain now, it's a pretty minimal & neat password manager which is integrated nicely into Safari & syncs across devices.


I still scrobble but don't really use the site itself anymore.

 

 

MD5 is seriously out of style, in part because it is not mathematically intensive enough to resist modern methods of brute-force cracking. Moreover, Last.fm didn’t use salt in its hashing process. Salting is the practice of adding a random string of numbers to the hash for each individual password, making them more secure and decreasing the likelihood that they will be cracked if the passwords are ever leaked online. Unfortunately, Last.fm did not take that step, and LeakedSource reports that most of the passwords were easily cracked.

 

Can't say this really surprises me. The Last.fm devs are notorious for being a lazy bunch of cunts.


Oh man, I hope someone doesn't crack my password and retag all my scrobbles!

 

That said, why AM I still scrobbling what I listen to? It's the nearest I come to some kind of OCD. Should prob just delete it.


i been wondering about using a password manager, but i am looking for a free non-intrusive program that works on phone, windows and ubuntu and also works when logging in on public computers. basically i have no idea how they work and need suggestions.

 

same here.

I actually use lastfm still but spotify has really taken over my need for it recommendation wise. I'd like to archive my scrobbles though...is there a way to do that?


A lot of people like LastPass, but I use KeepassX. I keep it along with the database file on my dropbox. The db has an extremely strong passphrase but the dropbox uses one of my old and easy to remember passwords. Someone could compromise the account but would never get access to the keepassx db. All passwords are randomly generated with alphanumeric characters, numbers, and symbols (as long as the site it's for allows symbols). Most are around 30 digits long. For phone, I use an app that can open keepass kdb files. 

 

There's a plugin for keepass that can autofill the passwords into forms but I don't bother. Just as easy to copy/paste when I need them..


Use words that no-one would associate with you > spell words backwards > replace certain letters with numbers / symbols = uncrackable

 

Also I've used variations on the same password since high school but modified and mutated every time I need a new one. It's evolved to this strange form I can never forget but seems to be--so far--uncrackable and impossible to guess. Not that I have anything worthwhile to be stolen...

 

 

i been wondering about using a password manager, but i am looking for a free non-intrusive program that works on phone, windows and ubuntu and also works when logging in on public computers. basically i have no idea how they work and need suggestions.

Bizarrely it seems like the most secure way to store passwords nowadays is to just write them on a piece of paper that you keep with you ....

 

 

Or tattoo them on the inside of your eyelids


Damn, I still use Last.fm but, like Bechuga above, I don't really know why, I don't use anything besides scrobbling. I also pay for Last Pass, really couldn't do without it nowadays.


 

I also pay for Last Pass, really couldn't do without it nowadays.

I remember a while ago I was gonna do the same and then this happened so I decided against any password managers

 

 

Ah yes, I remember that. Changed my master password straight away and not had any issues with it since.


 

I also pay for Last Pass, really couldn't do without it nowadays.

I remember a while ago I was gonna do the same and then this happened so I decided against any password managers

 

 

Enpass, and I'm sure others, allow you to store the db locally, or on one of your own cloud drives.


in case this isn't clear - it's not about someone having access to your last fm account, but about there now being another huge database of passwords to be used in dictionary attacks on other sites. this helps crackers crack other, more important accounts.

 

watch these two videos:

 

use a pw manager, change all ur passwords to strong ones. otherwise you gonna get pwnd sooner or later


in case this isn't clear - it's not about someone having access to your last fm account, but about there now being another huge database of passwords to be used in dictionary attacks on other sites. this helps crackers crack other, more important accounts.

 

watch these two videos:

 

use a pw manager, change all ur passwords to strong ones. otherwise you gonna get pwnd sooner or later

 

Thank you very much for the videos. Very interesting and sobering indeed. I have learned something today.


Archived

This topic is now archived and is closed to further replies.
