In 2012 the music website Last.fm had become the victim of hackers who stole its data. That same data is now publicly exposed and it seems the accounts that were affected counted to over 43m. LeakedSource where data breaches are dumped acquired this stolen data. Inside this data dump are e-mail ids, usernames and passwords all well protected using MD5 a hashing algorithm, says LeakedSource within one blog-post dated September 1, 2016.
After Last.fm confirmed the breach during 2012 it advised all its account holders for immediately resetting their passwords. The music site never clarified the number of accounts impacted nor the hashing technique that was employed for protecting the passwords. Meanwhile, LeakedSource has been routinely getting data dumps from hackers obtained from earlier hacks. This they did possibly for publicizing their existence.
Unfortunately, hackers often use database from old breaches for executing fresh hacks into people’s A/Cs on other online sites, as there’s a trend of repeated use of same passwords by the same user. Hackers-in-the-making scan repositories of older hacks to garner usernames and passwords followed with using the same on other websites/services. This very tactic has been employed for many hacking attacks during recent months, especially on important people’s Twitter accounts like those of Mark Zuckerberg, CEO of Facebook or Kylie Jenner.
The hack of 2012 enabled hackers towards capturing almost 70m users’ information from Dropbox because a worker having authorized admission into the details used a same password elsewhere. Consequently, an attacker acquired admission into that worker’s account from one earlier breach of the other website. Businessinsider.com posted this, September 2, 2016.
It’s possible that unknown hackers got the data during 2012 itself and exploited it for 4 years prior to it getting publicly exposed. At the time ZDNet managed towards validating that data’s legitimacy.
Security specialists advise using hard-to-crack, distinct passwords only once on different websites/services accessed while resort to certain password manager application for storing them all in case desired. As LeakedSource included the forum data as well as breached website within its database, it enables the breach’s probable victims find their data therein.