Millions of Last.fm passwords leaked

[me.mello]

A list with several million passwords belonging to users of the music community site Last.fm Last.fm - Listen to internet radio and the largest music catalogue online has been posted on the internet. The site owners have posted a statement Last.fm Passwort Sicherheits-Update – Last.fm saying that the company is investigating the leak and that all users of the service should change their passwords immediately. This is the third major compromise of a popular web site's passwords in as many days.

The H's associates at heise Security are in possession of a list containing approximately 2.5 million password hashes. Like the recently leaked data from eHarmony eHarmony admits to leaking 1.5 million passwords - The H Security: News and Features, these are unsalted MD5 hashes that are trivial to crack in today's world of fast CPU and GPU hardware and specialised techniques such as using rainbow tables Cheap Cracks - Of dictionaries and rainbows - The H Security: News and Features. At least one million of these hashes have already been cracked and the clear text passwords have also been posted on the internet. The hashes that were leaked from LinkedIn LinkedIn passwords in circulation – Update - The H Security: News and Features were generated using the SHA-1 algorithm.

Users of the Last.fm service are advised to change their password immediately. Furthermore, it would be prudent for any users who have reused their passwords to change them on other web sites as well. The article Storing passwords in uncrackable form Storing passwords in uncrackable form - The H Security: News and Features at The H Security explains how server administrators can prevent passwords from being cracked this easily.

Sursa: Millions of Last.fm passwords leaked - The H Security: News and Features