Last.fm

High Impact

1 March 2012

•

43,571,000 records affected

•

Dehashed

Search on Google

Description

In March 2012, music streaming service Last.fm experienced a data breach exposing 43 million user accounts. The breach included usernames, email addresses, and passwords that were stored as unsalted MD5 hashes. Although Last.fm was aware of an incident in 2012, the true extent of the breach became public knowledge in September 2016 when the data surfaced online.

What to do if you're affected

1.Change your password immediately if you have an account with this service
2.Enable two-factor authentication (2FA) wherever possible
3.Check if your email appears in the breach using Have I Been Pwned
4.Monitor your accounts for suspicious activity
5.Consider using a password manager to generate unique passwords

Learn More About Data Breaches

Have I Been Pwned

Check if your data has been compromised

ENISA

EU Agency for Cybersecurity

Last.fm Data Breach | Cyber Hub