This is the latest find announced by LeakedSource, which provides an online listing of data breaches from around the web, as well as a repository that contains copies of the stolen data. The data that LeakedSource obtained a copy of includes user names, email addresses and passwords of some 43 million of Last.fm’s users.
2012 seems to have been a very good year for hackers around the world. In recent months, similar databases have turned up with personal and confidential information belonging to tens of millions of users from other big-name sites, including Yahoo, LinkedIn and more.
It gets worse, however. Although Last.fm had taken steps to encrypt the passwords, LeakedSource said in a recent statement that they were able to decrypt some 96% of those passwords in a matter of just two hours.
Of the 43 million user accounts compromised, more than 9 million were registered with Hotmail email accounts, and another 8 million with Gmail accounts. Unfortunately, a significant percentage of users tends to use the same password across multiple websites. It’s entirely possible that some of those millions of users set their Last.fm password to the same value as their email password for the sake of convenience, and in those cases, the hackers have had unfettered access to their emails for years.
Maybe you’ve gotten lucky. Maybe nothing has happened to you. That’s certainly possible, but it could change at any moment.
To be safe, though, be sure to change your password if you were a Last.fm user in 2012, and definitely be sure that you’re using a different password on every site you frequent. Better still, since many sites offer two-factor authentication these days, take advantage of that for additional security.