Last.fm

What Happened

In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.

Compromised Data

Email addresses
Passwords
Usernames
Website activity

Recommended Actions

Change Your Password

If you haven't changed your password on this service since the breach, do so immediately.

Enable Two-Factor Authentication

If 2FA is supported, add an extra layer of security to your account.

Sponsored
1Password

Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.

Try 1Password
Sponsored
Aura

Get Aura for identity theft and credit protection. Keep your assets safe with fast fraud alerts, instant credit lock, and $1,000,000 identity theft insurance. Speak to a U.S. based fraud specialist 24/7.

Try Aura

Breach Overview

  • Affected Accounts:

    37.2 million

  • Breach Occurred:

    March 2012

  • Added to HIBP:

    20 Sep 2016

Recommended Actions

Change Your Password

If you haven't changed your Last.fm password since 2012, do so immediately.

Enable Two-Factor Authentication

Add an extra layer of security to your account.

Sponsored
1Password

Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.

Try 1Password
Sponsored
Aura

Get Aura for identity theft and credit protection. Keep your assets safe with fast fraud alerts, instant credit lock, and $1,000,000 identity theft insurance. Speak to a U.S. based fraud specialist 24/7.

Try Aura