43M Last.fm Accounts Breached: Verify If You Are Safe!

September 2, 2016 By: Ali Yousuf

Freshly the CBS-owned music recommender site “Last.fm” has got its 43 million user accounts exposed on LeakedSource.

Netizens were getting over the Dropbox breach, and another big hit has just pulled in. On Thursday the exploit reporting site LeakedSource received a hacked database of last.fm, compromising 43,570,999 user accounts. The widespread exploit exposing site LeakedSource has confirmed that dumped data includes users’ confidential information such as usernames, sign-up date, advertisement related data, email addresses and more information.


Music service Last.fm was hacked on March 22nd, 2012 for a total of 43,570,999 users. This data set was provided to us by daykalif@xmpp.jp and Last.fm already knows about the breach but the data is just becoming public now like all the others.

An Official Statement by LeakedSource


Interestingly, the compromised database contains hashed login credentials, matted through the MD5 algorithm. Surprisingly, the algorithm is least suggested for password protection, as it easiest to exploit than any other algorithms. With that said, LeakedSource was able to decipher 96% of the passwords in just a couple of hours.

How to Verify If You’ve Been Victimized ?

The news exploit has caused unease among a majority of Last.fm users. With having no notification from the Last.fm, users are anxious about if their account is among the victimized account? Which information has been hacked so far? And more importantly, how to identify If I have been hacked?

To release you from distress, here’s how to find if the hack has compromised your account:

  • Access the official site of “LeakedSource
  • You will see following layout

43m last.fm breached

  • From the search type drop-down menu, select username or email
  • Now, enter the username or email that you had used at the time of signing up for Last.fm and press Search
  • Finally, the site will notify if your account has been compromised by the breach. If not, then you will be able to see following satisfactory message:

43m last.fm breached

How to Remove Your Information from LeakedSource?

In case your account is found to be compromised, then you can request for removal of information from the site. In addition to this, LeakedSource has itself introduced an API (Application Programming Interface), that provides deciphered passwords from all the compromised accounts. The API aids the business firms to identify if the passwords belong their employees.

As a Data Privacy advocate, Ali Yousuf is the sound of reason on issues relating to geo-restriction, online surveillance, and internet freedom. Frequently going against the grain, Ali Yousuf focuses on the latest developments in the tech world - making every effort to deliver the most concrete and comprehensive insight to those who want to stay a step ahead.

Leave a Reply

Your email address will not be published. Required fields are marked *