Menu

Last.fm Confirms Password Security Breach

0 Comment


 

A password security breach on Thursday affected millions of Last.fm users, according to computer security experts.< <

In a security advisory, Last.fm asked all of its users to change their passwords immediately after it confirmed the password security breach and began investigation.

Last.fm spokesperson said, “We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.”

Security analysts at KoreLogic divulged that in 2011 up to 17.3 million unique MD5 hashes were leaked on a forum, which can be used to reveal Last.fm users’ passwords.

An expert from KoreLogic said, “The list has been ‘out there’ for a long time. I talked about it privately at 2011 DEFCON. It was originally posted by ‘bad guys’ on password cracking websites last year. I grabbed it, but it was promptly deleted.”

The security company is ready to host the ‘Crack Me If You Can’ competition at the DefCon 2016 security conference. Last.fm joins the list of professional networking site LinkedIn and dating site eHarmony as portals facing online security threats.

Another security publication Heise Security said around 2.5 million unsalted MD5 hashes were compromised and passwords posted on the internet. They also said that another million hashes were so trivial that they could be cracked easily and be exposed online. Last.fm is a communal music website and a sister company to ZDNet UK.

<

Leave a Reply

Your email address will not be published. Required fields are marked *