Your account is not far away from being compromised if you love to listen to music and you had an account of last.fmThe data breach actually took place on March 2012. Last.fm even accepted about the incident 3 months after the hack and requested all its users to change their passwords.
The stolen data has been surfaced in public after 4 years and now it has been brought to notice that the leak was huge. It contained around 43,570,999 user records which includes usernames, hashed passwords, email ids, user registration date, etc.
Lat.fm stored its users’ passwords using MD5 hashing without salt. MD5 is known to be vulnerable to hash collision attacks, which means that two different text may generate same hash values at some point of time. Due to unsalted hash values, it just took around 2 hours to crack around 40 million passwords.
Here, are some stats of the passwords :
1) 255,319 people used the phrase 123456
2) 92,652 used 'password' as password
3) Almost 67,000 used 'lastfm'
4) Around 64,000 used 123456789
5) 46,000 used 'qwerty'
6) Almost 36,000 used 'abc123'
No comments:
Post a Comment