Lastfm

High Impact

22 March 2012

•

37,217,682 records affected

•

HaveIBeenPwned

Search on Google

Description

In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.

What to do if you're affected

1.Change your password immediately if you have an account with this service
2.Enable two-factor authentication (2FA) wherever possible
3.Check if your email appears in the breach using Have I Been Pwned
4.Monitor your accounts for suspicious activity
5.Consider using a password manager to generate unique passwords

Learn More About Data Breaches

Have I Been Pwned

Check if your data has been compromised

ENISA

EU Agency for Cybersecurity