This article was published on September 2, 2016

    Last.fm leak shows that people still use dumb passwords

    Story by Matthew Hughes, former TNW Reporter

    Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling.

    2016 has been a terrible year for information security. We’ve seen high-profile leaks from a number of big-name websites like Dropbox and business social network LinkedIn. Now, last.fm has been hit, with 43 million user records having been splashed on the Internet.

    The dump was a veritable treasure trove of information. It contained usernames, emails, registration dates, advertising information, and even hashed passwords. These were hashed using the notoriously insecure MD5 algorithm, allowing security research firm LeakedSource to reverse them in just two hours.

    It turns out we’re using a lot of really weak passwords. In order, the top 10 passwords were:

    • 123456
    • password
    • lastfm
    • 123456789
    • qwerty
    • abc123
    • abcdefg
    • 12345
    • 1234
    • music

    Yeesh.

    If you were a member of last.fm during its heyday, it’s safe to assume you’re in this dump, and that anyone with a reasonably fast computer can work out your password. You should never use that password again, and if you’re using it on another service, you should change it right now.
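
As an added illustration (not code from the article or from last.fm), the Python sketch below contrasts the fast MD5 hashing described above with per-user salted scrypt, and rejects the ten passwords listed above at registration. It assumes the MD5 hashes were unsalted, which the article does not state; the function names and scrypt parameters are chosen for this example.

```python
import hashlib
import hmac
import os
from typing import Tuple

# The ten most common passwords in the dump, as listed in the article.
TOP_PASSWORDS = frozenset({
    "123456", "password", "lastfm", "123456789", "qwerty",
    "abc123", "abcdefg", "12345", "1234", "music",
})
# scrypt cost parameters: constructed values for this example, tune per host.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def md5_digest(password: str) -> str:
    """Weak scheme: one fast hash, assumed unsalted for this illustration."""
    return hashlib.md5(password.encode()).hexdigest()


def is_banned(password: str) -> bool:
    """True if the password is on the article's top-10 list (case-insensitive)."""
    return password.lower() in TOP_PASSWORDS


def hash_password(password: str) -> Tuple[bytes, bytes]:
    """Hardened scheme: deny-list check, random per-user salt, memory-hard KDF."""
    if is_banned(password):
        raise ValueError("password is on the common-password deny-list")
    salt = os.urandom(16)
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)


def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    same = "a constructed passphrase"  # constructed sample input
    # Unsalted MD5: every user with this password stores the same digest.
    print(md5_digest(same) == md5_digest(same))
    # Salted scrypt: the same password yields a different stored key each time.
    print(hash_password(same)[1] == hash_password(same)[1])
```

With unsalted MD5, one computed digest matches every account that chose that password; with a per-user salt and a deliberately slow function, each stored record has to be checked separately and at far higher cost.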
