Watchtower - Last.fm hacked in 2012

OLLI_S
Community Member

I read in the German PC magazine c't that Last.fm was hacked in 2012 and that 43 million accounts were leaked to the internet:
http://www.heise.de/newsticker/meldung/Erbeutete-Daten-von-Last-fm-Kunden-kursieren-offenbar-im-Netz-3313092.html?wt_mc=rss.ho.beitrag.atom

In the article they link to leakedsource.com:
https://www.leakedsource.com/blog/lastfm

I KNOW THAT THIS IS AN UN-OFFICIAL REPORT
And so this information will not be considered for Watchtower.

But when I search at leakedsource.com for my email address I find multiple entries:

  • Adobe database has: 1 result(s) found. This data was hacked on approximately 2013-10-01
  • Dropbox.com has: 1 result(s) found. This data was hacked on approximately 2012-01-01
  • Last.fm has: 1 result(s) found. This data was hacked on approximately 2012-03-22
  • DDO.com has: 1 result(s) found. This data was hacked on approximately 2013-02-14
  • Flashkit.com has: 1 result(s) found. This data was hacked on approximately 2016-03-16
  • UnrealEngine.com has: 1 result(s) found. This data was hacked on approximately 2016-08-11
  • NordicGames.at has: 1 result(s) found. This data was hacked on approximately 2016-03-21
  • Trillian.im has: 1 result(s) found. This data was hacked on approximately 2016-06-25

Some of these reports (Adobe, Trillian, Unreal Engine and Dropbox) are officially confirmed.
But I don't know about the other services.
And I also don't know how trustworthy leakedsource.com is.

So, what about the hack of Last.fm?
And what about the hack of the other services (DDO.com, Flashkit.com and Nordicgames.at)?



Comments

  • wkleem
    Community Member
    edited September 2016

    @OLLI_S,

    if you want a comprehensive list of hacked email, have a look at Troy Hunt's Have I been Pwned website. Enter your email inside the search box to find out which sites have been pwned, or compromised.

    https://haveibeenpwned.com

    "How is a breach verified as legitimate?
    There are often "breaches" announced by attackers which in turn are exposed as hoaxes. There is a balance between making data searchable early and performing sufficient due diligence to establish the legitimacy of the breach. The following activities are usually performed in order to validate breach legitimacy:

    Has the impacted service publicly acknowledged the breach?
    Does the data in the breach turn up in a Google search (i.e. it's just copied from another source)?
    Is the structure of the data consistent with what you'd expect to see in a breach?
    Have the attackers provided sufficient evidence to demonstrate the attack vector?
    Do the attackers have a track record of either reliably releasing breaches or falsifying them?"

    "What is an "unverified" breach?
    Some breaches may be flagged as "unverified". In these cases, it may not have been possible to establish the legitimacy of the breach beyond reasonable doubt. Unverified breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web. Further background on unverified breaches can be found in the blog post titled Introducing unverified breaches to Have I been pwned."

  • OLLI_S
    Community Member

    @wkleem:
    I already know that a security issue needs an official confirmation from the original website.
    That means: when, for example, Dropbox has a breach, an official statement from Dropbox is required.
    This is the reason why I wrote:

    I KNOW THAT THIS IS AN UN-OFFICIAL REPORT
    And so this information will not be considered for Watchtower.

    I just wanted to know if there are official confirmations for the breaches of:

    • Last.fm
    • DDO.com
    • Flashkit.com
    • NordicGames.at

    When I go to https://haveibeenpwned.com/ and enter my email address then I see that DDO.com is listed there too.
    Unfortunately DDO.com is not listed in Watchtower:
    https://watchtower.agilebits.com/check?h=DDO.com&port=443

    This is why I asked about the other services.

  • Andrew_AG
    1Password Alumni

    Last.fm definitely. It already had an entry for a later date, though, thanks to Heartbleed (see http://watchtower.agilebits.com/check?h=www.last.fm&port=443). I did add a link to an article about the new information (but older breach) as well, though, as you can see.

    I'm not aware of the other ones, and couldn't find any official confirmation about any of them, although if you happen to find any confirmation, please do let me know.

  • OLLI_S
    Community Member

    @Andrew_AG If I find any information, I will post it here.

  • Andrew_AG
    1Password Alumni

    Thanks.

This discussion has been closed.