/Reed( Kraft-)?Murphy(\.net)?/

the ramblings of a devops engineer and polymath

eHarmony, last.fm passwords leaked

Not 24 hours after LinkedIn confirmed the leak of 6.5 million hashed account passwords, last.fm have announced that they are investigating a leak of their own:

We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.

According to @CrackMeIfYouCan, the leak contained more than 17 million hashes, of which 95% have been cracked:

They've also posted some more statistics on the leaked hashes in the /r/netsec discussion on Reddit.

With dating site eHarmony also confirming a leak of 1.5 million password hashes (thankfully salted), hopefully this will serve as a wake-up call both to developers (use scrypt, bcrypt or similar to store passwords) and end users (don't reuse passwords between accounts, and use a password manager like LastPass, KeePass or 1Password).

Other discussions:

Via The Next Web

Reed Kraft-Murphy

Read more posts by this author.