Last.fm was hacked, confirmed by Last.fm on 6/8/2012
Last.fm has updated their blog indicating that there was a breach and has confirmed that they're forcing password changes. It appears the entire password database has been floating around for about a year.
If you have a Last.fm account, we strongly suggest that you immediately:
- Change your Last.fm password
- Check if you have re-used your Last.fm password on any other websites and if so, change those passwords too.
The LastPass security challenge can assist you in doing so.
Was *My* Last.fm Password Hacked?
If you would like to find out if your Last.fm password was one of the 2.5 million hashes that were publicly leaked, you can use the tool below. Please note that only the harder-to-crack passwords were left uncracked and released, so you should assume your password has been cracked if you used Last.fm.
Wait a Minute, Why Is This Tool Safe?
You already changed your password, right? You no longer use that old password anywhere else, right? If not, please make sure you do that first. The above tool asks you to enter your Last.fm password, then computes its MD5 hash and sends the result to LastPass.com to search the list of 2.5 million leaked password hashes. A hash is a mathematical function that is simple to perform in one direction, but very difficult to reverse. This means the tool converts your password into a series of characters in such a way that it is very difficult to reconstruct your original password.
Only the hash of your password will be sent to LastPass.com's servers, not your actual password. This hash will not be stored or logged at all. Please view the page source if you're technically inclined.
Note that if you used a simple password, such as one based on dictionary words, then it might be possible to reconstruct your original password. This is what all of the concern is about: the hashes of simple passwords can be easily reconstructed to reveal the original actual password.
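The check described above, as an added example that is not LastPass's own code: the password is hashed locally, only the MD5 digest is handed to the lookup, and a small word list shows why the digest of a dictionary-based password offers little protection. The function names, the UTF-8 encoding and the sample data are assumptions constructed for illustration.

```python
import hashlib
import re

HEX_MD5 = re.compile(r"[0-9a-f]{32}")

def md5_hex(password: str) -> str:
    """Client side: hash locally; only this digest leaves the machine.
    UTF-8 encoding is an assumption; the page does not state one."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def load_leak(lines):
    """Server side: build a lookup set from a dump of hex digests,
    normalising case and whitespace and skipping malformed lines."""
    leaked = set()
    for line in lines:
        digest = line.strip().lower()
        if HEX_MD5.fullmatch(digest):
            leaked.add(digest)
    return leaked

def is_leaked(digest: str, leaked: set) -> bool:
    """Server side: receives only the digest, never the password."""
    digest = digest.strip().lower()
    if not HEX_MD5.fullmatch(digest):
        raise ValueError("expected a 32-character hex MD5 digest")
    return digest in leaked

def guessable(digest: str, wordlist) -> bool:
    """True if hashing a list of common words reproduces the digest,
    i.e. the digest does not protect a dictionary-based password."""
    return any(md5_hex(word) == digest for word in wordlist)

# Constructed sample data (not real leaked hashes).
SAMPLE_DUMP = [
    md5_hex("sunshine").upper() + "\n",            # dumps vary in case
    "  " + md5_hex("Tr0ub4dor&3-constructed") + "  \n",
    "not-a-hash\n",                                # malformed, skipped
    "\n",
]
COMMON_WORDS = ["password", "sunshine", "letmein"]

if __name__ == "__main__":
    leaked = load_leak(SAMPLE_DUMP)
    for pw in ("sunshine", "Tr0ub4dor&3-constructed", "never-leaked-example"):
        d = md5_hex(pw)
        print(d,
              "leaked" if is_leaked(d, leaked) else "not found",
              "guessable" if guessable(d, COMMON_WORDS) else "not in word list")
```

Both constructed passwords are reported as leaked, but only the dictionary word is also flagged as guessable from its digest alone.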