cyber Breach

Last.fm

Oct 29, 2023 1 min read
Last.fm

Hackers gained access to the Last.fm online music service, the firm informed subscribers of the breach and encouraged them to reset their passwords.

Since the MD5 hashing technique without salt is recognised to be a weak security implementation, the company was utilising it to secure passwords.

At the time of the data breach, the actual number of affected users was not made public; nonetheless, compromised documents contained email addresses, dates of registration, usernames, passwords, and other internal data.

A username, email address, password, join date, and a few other internal details are contained in each record.

Source: https://securityaffairs.com/50862/data-breach/last-fm-security-breach.html

TPRM report: https://scoringcyber.rankiteo.com/company/last-fm

"id": "las2245291023",
"linkid": "last-fm",
"type": "Breach",
"date": "09/2016",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Entertainment',
                        'name': 'Last.fm',
                        'type': 'Online Music Service'}],
 'attack_vector': 'Weak Password Hashing (MD5 without salt)',
 'data_breach': {'type_of_data_compromised': ['email addresses',
                                              'dates of registration',
                                              'usernames',
                                              'passwords',
                                              'other internal data']},
 'description': 'Hackers gained access to the Last.fm online music service, '
                'the firm informed subscribers of the breach and encouraged '
                'them to reset their passwords. The company was utilising the '
                'MD5 hashing technique without salt to secure passwords, which '
                'is recognised to be a weak security implementation.',
 'impact': {'data_compromised': ['email addresses',
                                 'dates of registration',
                                 'usernames',
                                 'passwords',
                                 'other internal data']},
 'motivation': 'Unknown',
 'response': {'communication_strategy': ['Informed subscribers of the breach'],
              'remediation_measures': ['Encouraged users to reset their '
                                       'passwords']},
 'threat_actor': 'Unknown',
 'title': 'Last.fm Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Weak Password Hashing (MD5 without salt)'}
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.