ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Last.fm Data Breach

last.fm
Major exposure
Verified breach Passwords exposed
Accounts exposed 37,217,682
Breach date 22 Mar 2012
Added to tracker 20 Sep 2016
Data classes 4

What happened

In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.

Exposed data

Email addresses Passwords Usernames Website activity

Recommended actions

  • Change your Last.fm password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Last.fm โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP