43M Last.fm Accounts Breached: Verify If You Are Safe!

  • Saad Qureshi
  • Sep-02-2016

Freshly the CBS-owned music recommender site “Last.fm” has got its 43 million user accounts exposed on LeakedSource.

Netizens were getting over the Dropbox breach, and another big hit has just pulled in. On Thursday the exploit reporting site LeakedSource received a hacked database of last.fm, compromising 43,570,999 user accounts. The widespread exploit exposing site LeakedSource has confirmed that dumped data includes users’ confidential information such as usernames, sign-up date, advertisement related data, email addresses and more information.


Music service Last.fm was hacked on March 22nd, 2012 for a total of 43,570,999 users. This data set was provided to us by daykalif@xmpp.jp and Last.fm already knows about the breach but the data is just becoming public now like all the others.

An Official Statement by LeakedSource


Interestingly, the compromised database contains hashed login credentials, matted through the MD5 algorithm. Surprisingly, the algorithm is least suggested for password protection, as it easiest to exploit than any other algorithms. With that said, LeakedSource was able to decipher 96% of the passwords in just a couple of hours.

How to Verify If You’ve Been Victimized ?

The news exploit has caused unease among a majority of Last.fm users. With having no notification from the Last.fm, users are anxious about if their account is among the victimized account? Which information has been hacked so far? And more importantly, how to identify If I have been hacked?

To release you from distress, here’s how to find if the hack has compromised your account:

  • Access the official site of “LeakedSource
  • You will see following layout

43m last.fm breached

  • From the search type drop-down menu, select username or email
  • Now, enter the username or email that you had used at the time of signing up for Last.fm and press Search
  • Finally, the site will notify if your account has been compromised by the breach. If not, then you will be able to see following satisfactory message:

43m last.fm breached

How to Remove Your Information from LeakedSource?

In case your account is found to be compromised, then you can request for removal of information from the site. In addition to this, LeakedSource has itself introduced an API (Application Programming Interface), that provides deciphered passwords from all the compromised accounts. The API aids the business firms to identify if the passwords belong their employees.

Saad Qureshi

Saad Qureshi

All Posts by Saad Qureshi

Saad Qureshi's Biography :

Saad is a privacy advocate by day and a Dota 2 player by night. He loves to share his knowledge, experience, and insights about internet freedom and online privacy. When he is not busy blogging about the latest trend in the tech world, he is engaged in killing noobs on Dota.