The number of people affected by a hack of the music streaming website Last.FM in 2012 has been confirmed at more than 43 million.
At the time of the breach, Last.FM urged its users to change their passwords immediately, but no details were given about what data or how many account holders were affected.
Breach notification site LeakedSource has revealed that the breach exposed the username, email address, password, join date and some other internal data of 43,570,999 users.
Many security experts do not consider passwords to be adequately protected unless they are stored in a salted, hashed and stretched form.
Salting adds a random string to the actual password text, hashing scrambles the salted password cryptographically, and stretching runs the hashing process several times.
The most common password in use by Last.FM subscribers was “123456”, followed by “password”, “lastfm”, “123456789” and “qwerty”.
Jason Hart, CTO data protection at Gemalto, said breaches such as those at Last.FM and Dropbox are a reminder that passwords alone are no longer enough.
“Unless organisations use two-factor authentication they will remain vulnerable to password-based attacks,” he said.
Additional security measures designed to secure the data itself, such as encryption and proper key management, have to be part of any cyber security strategy, said Hart.
The Gemalto Breach Level Index revealed that in the second quarter of 2015, less than 4% of all breaches were “secure breaches”.
“A ‘secure breach’ is where the data stolen cannot be used as the appropriate data protection measures were in place,” said Hart.