ShellCodeX Breach Report
Last.fm Data Breach
last.fm
Verified breach
Passwords exposed
Accounts exposed
37,217,682
Breach date
22 Mar 2012
Added to tracker
20 Sep 2016
Data classes
4
What happened
In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.
Exposed data
Email addresses
Passwords
Usernames
Website activity
Recommended actions
- Change your Last.fm password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Last.fm โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP