2016 has been a terrible year for information security. We’ve seen high-profile leaks from a number of big-name websites like Dropbox and business social network LinkedIn. Now, last.fm has been hit, with 43 million user records splashed across the Internet.
The dump was a veritable treasure trove of information. It contained usernames, emails, registration dates, advertising information, and even hashed passwords. These were hashed using the notoriously insecure MD5 algorithm, allowing security research firm LeakedSource to crack them in just two hours.
It turns out we’re using a lot of really weak passwords. In order, the top 10 passwords were:
If you were a member of last.fm during its heyday, it’s safe to assume you’re in this dump, and that anyone with a reasonably fast computer can work out your password. You should never use that password again, and if you’re using it on another service, you should change it right now.
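Why MD5 is the wrong tool for stored passwords, shown next to a salted, deliberately slow alternative. This is an added example, not code from last.fm or LeakedSource. It assumes the MD5 values carried no per-user salt (the article does not say), and the function names, sample accounts and iteration count are made up for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 600_000  # work factor chosen for this example; tune per deployment

def md5_record(password):
    """The weak 'before': one fast digest, no salt (assumed; see lead-in)."""
    return hashlib.md5(password.encode()).hexdigest()

def slow_record(password, salt=None):
    """The 'after': per-user random salt plus PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def slow_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = slow_record(password, salt)
    return hmac.compare_digest(digest, expected)

def shared_values(stored):
    """Stored values that appear on more than one account."""
    return {value: n for value, n in Counter(stored).items() if n > 1}

# Constructed sample accounts: two users picked the same password.
USERS = {"alice": "sample-pass-1", "bob": "sample-pass-1", "carol": "sample-pass-2"}

def compare_schemes(users=USERS):
    """Store every sample account under both schemes."""
    md5_table = {u: md5_record(p) for u, p in users.items()}
    slow_table = {u: slow_record(p) for u, p in users.items()}
    return md5_table, slow_table

if __name__ == "__main__":
    md5_table, slow_table = compare_schemes()
    # Unsalted MD5: equal passwords show up as equal rows in a dump.
    print("MD5 values shared across accounts:", shared_values(md5_table.values()))
    # Salted PBKDF2: the same two accounts store unrelated values.
    print("PBKDF2 values shared across accounts:",
          shared_values(d for _, d in slow_table.values()))
    salt, digest = slow_table["alice"]
    print("correct password verifies:", slow_verify("sample-pass-1", salt, digest))
    print("wrong password verifies:", slow_verify("sample-pass-2", salt, digest))
```

With the fast unsalted digest, popular passwords collapse into a handful of repeated values and each guess costs one cheap hash; with a per-user salt and a high iteration count, every account has to be worked on separately and every guess is expensive.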