Connect with us

Hi, what are you looking for?


Data Protection

43 Million Accounts Stolen in 2012 Breach

The account details of well over 43 million users were stolen when the online music service was hacked back in 2012.

The account details of well over 43 million users were stolen when the online music service was hacked back in 2012.

In June 2012, advised all users to change their passwords after hackers posted password hashes to a password cracking forum. The company also made some improvements to how passwords were stored after it admitted that it had been using the MD5 algorithm with no salt.

No one knew exactly how many accounts had been stolen. Now, breach notification service LeakedSource claims to have obtained the data and counted 43,570,999 accounts. The leaked data includes usernames, email addresses, passwords, dates of registration and some internal data.

While the incident was first disclosed by the company in June 2012, some reported at the time that the breach actually took place several months earlier. LeakedSource has now confirmed that the website was hacked on March 22, 2012.

LeakedSource managed to crack 96 percent of the unsalted MD5 hashes within two hours. An analysis of the passwords has shown that many of them are not only easy to crack, but also very easy to guess (e.g. 123456, password, lastfm and 123456789).

Dropbox was also hacked in 2012 and experts revealed this week that attackers had compromised more than 68 million accounts. However, unlike, Dropbox used salted SHA1 and bcrypt to protect user passwords.

SecurityWeek has reached out to for comment and will update this article if the company responds.

Advertisement. Scroll to continue reading.

LeakedSource says it has already added 2 billion leaked records to its databases and it’s currently working on processing other mega breaches.

“We have so many databases waiting to be added that if we were to add one per day it would still take multiple years to finish them all,” the company said.

The list of old mega breaches that came to light this year affected companies such as Mail.Ru (25 million), LinkedIn (167 million), Myspace (360 million), Tumblr (65 million), and VK (170 million). The leaked credentials have also been used in password reuse attacks targeting Netflix, Facebook, GitHub, Twitter and others.

Related: Russian Hackers Attack Two U.S. Voter Databases: Reports

Related: User Data Possibly Stolen in Opera Sync Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...