Last.fm password leak - update your passwords.

shrike4242 · Jun 7, 2012

Since I know a number of CAGs use last.fm, they appear to have been hacked with some passwords getting out via a leak:

http://www.last.fm/passwordsecurity

Password change link, if you can't access your last.fm account:

https://www.last.fm/settings/lostpassword

kodave · Jun 7, 2012

Son of a bitch.

Any word on if the passwords were at least encrypted?

Demolition Man · Jun 7, 2012

Thanks for posting shrike. I normally change my passwords around every three months so this is a good reminder for me to change them around.

shrike4242 · Jun 7, 2012

[quote name='kodave']Son of a bitch.

Any word on if the passwords were at least encrypted?[/QUOTE]Not sure.

This was the source article that I ran across it:

http://arstechnica.com/security/2012/06/another-hack-last-fm-warns-users-to-change-their-passwords/

speedracer · Jun 7, 2012

Time to man up and Lastpass/Keepass/etc. folks. This ain't the good old days. You need to have a different password for every single site to prevent hacks across your digital identity.

Someone out there has Last.fm, LinkedIn, and eHarmony and has the same 3 passwords out there in hash form. That ish won't take long to figure out and it'll make figuring out the salt a little easier too.

eLefAdEr · Jun 7, 2012

[quote name='speedracer']Time to man up and Lastpass/Keepass/etc. folks. This ain't the good old days. You need to have a different password for every single site to prevent hacks across your digital identity.

Someone out there has Last.fm, LinkedIn, and eHarmony and has the same 3 passwords out there in hash form. That ish won't take long to figure out and it'll make figuring out the salt a little easier too.[/QUOTE]

I keep an encrypted spreadsheet with all of my passwords and I rotate them every quarter. It's a bit of a pain to do, but I'm the worrier-type so I sleep a little better knowing my passwords are mostly useless in the wrong hands.

According to LinkedIn, my password wasn't compromised. If anyone here did get theirs taken, did LinkedIn send you a form email regarding this breach?

edit: I'm now looking into these password manager sites (Lastpass, Keepass, etc). Thanks for the mention, speedracer.

VipFREAK · Jun 7, 2012

Can whoever is doing this shit cut it the fuck

out... I haven't used this shit in eons and can't remember my damn passwords... :\

zewone · Jun 7, 2012

Thanks, Shrike.

Survivalism · Jun 11, 2012

Yeah it's bullshit, someone listened to a bunch of Dashboard Confessional on mine.

DurbanBrown · Jun 11, 2012

[quote name='survivalism']yeah it's bullshit, someone listened to a bunch of dashboard confessional on mine.[/quote]

for real? Wtf. Im changing mine asap

KaneRobot · Jun 12, 2012

[quote name='Survivalism']Yeah it's bullshit, someone listened to a bunch of Dashboard Confessional on mine.[/QUOTE]

That's the worst thing I've ever heard. Sorry man.

Also, THIS IS fuck

ING ANNOYING. Just waiting for the day when Amazon or Facebook finally gets compromised.

kodave · Jun 12, 2012

Apparently this might be an old hash and the hash might have already been cracked years ago that was ignored by Last.fm, according to some things I read online - but who can really confirm or deny these things? According to what I read, the cracking of the hash list was crowd sourced, but whoever stole the list in the first place now likely has the complete list of logins and cracked passwords to distribute or use as they see fit.

XxFuRy2Xx · Jun 12, 2012

This is so incredibly lame. Just went ahead and deleted my last.fm account.

Last.fm password leak - update your passwords.

shrike4242

CAGiversary!

kodave

CAGiversary!

Demolition Man

CAGiversary!

shrike4242

CAGiversary!

speedracer

Banned

eLefAdEr

CAGiversary!

VipFREAK

CAGiversary!

zewone

CAGiversary!

Survivalism

CAGiversary!

DurbanBrown

CAGiversary!

KaneRobot

CAGiversary!

kodave

CAGiversary!

XxFuRy2Xx

CAGiversary!