Back to Radar
LA

Last.fm

High

The 2012 data breach at Last.fm exposed 37 million accounts, including weakly secured passwords, underscoring the importance of robust hashing methods.

Records exposed
37,217,682 records
Breach date
Breach Mar 22, 2012
Last update
Updated Sep 20, 2016
Source

What data was exposed?

Fields reported as compromised in this breach record.

Email addressesPasswordsUsernamesWebsite activity

Why does this breach matter?

In-depth analysis of the breach and its implications.

In March 2012, the online music service Last.fm experienced a data breach compromising sensitive information of over 37 million user accounts. Exposed data included email addresses, usernames, and passwords stored in MD5 hashed format without added salts, significantly reducing security robustness. Last.fm acknowledged the incident at the time, but the full extent of the breach was only realized in September 2016 when the stolen data was leaked publicly.

Impact Analysis

Understanding the scope and consequences of this breach.

User Impact
Users faced the threat of account compromise across multiple platforms due to reused credentials.
Business Impact
Last.fm's reputation suffered, highlighting vulnerabilities in outdated data protection measures.
Affected Sectors
  • Retail
  • Technology
Geographic Impact
  • Global

What You Should Do

Recommended actions to take in response to this breach.

If You Were Affected

  • Change passwords on Last.fm and any other sites using the same credentials.
  • Enable multi-factor authentication where possible.
  • Monitor for suspicious account activity.

Preventive Measures

  • Use strong, unique passwords for each service.
  • Ensure services employ modern cryptographic standards for securing user data.
  • Regularly review the security practices of online platforms.

Frequently Asked Questions

Common questions about this breach and what it means for you.

Visit Have I Been Pwned and enter your email address to confirm exposure.