What the Last.Fm Security Breach Says about Mobile Privacy

September 2, 2016 - 2 minute read

“We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.”

This statement was released back in 2012, but only this week was the full extent of the hack revealed to the iPhone app development community: a full 43,570,999 user accounts were compromised, prompting iPhone app developers nationwide to take stock of their own security. After all, it's not just user information that gets compromised. Brand identity rarely escapes a breach of this magnitude unscathed, and for San Diego iPhone app developers security can be the only thing standing between success and failure.

The specific weak point in the Last.fm hack was the practice of storing passwords as unsalted MD5 hashes. Mobile app backends generally store passwords as hashes rather than in plaintext, but an extra step known as salting makes those hashes far less useful to an attacker. A salt is a random string generated for each user and mixed into the password before hashing, so two users with the same password end up with different hashes, and a leaked hash cannot simply be matched against a precomputed table of common passwords. Since Last.fm skipped this step, the data dump had far worse consequences than it otherwise would have. (Needless to say, Last.fm users who haven't already changed their passwords should do so immediately.)
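The two storage schemes the paragraph contrasts, as an added example that is not Last.fm's code or the original post's: plain unsalted MD5 beside a per-user salted, slow hash, with a defender's audit of an unsalted table. The PBKDF2 work factor, the record format, and the sample password list are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed list of weak passwords standing in for an attacker's precomputed
# table of MD5 digests; not real leaked data.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "iloveyou"]
ITERATIONS = 600_000  # assumption: PBKDF2-HMAC-SHA256 work factor for new records

def md5_unsalted(password: str) -> str:
    """The scheme the post describes: plain MD5 of the password, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def lookup_unsalted(stored_hash: str) -> Optional[str]:
    """Why unsalted hashes leak badly: a table built once reverses the
    same digest for every user who chose that password."""
    table = {md5_unsalted(p): p for p in COMMON_PASSWORDS}
    return table.get(stored_hash)

def audit_unsalted_store(store: Dict[str, str]) -> Dict[str, str]:
    """Defender's check over a {username: md5_hex} table: accounts whose hash
    matches the small table above, i.e. the weakest passwords to reset first."""
    found = {}
    for user, digest in store.items():
        password = lookup_unsalted(digest)
        if password is not None:
            found[user] = password
    return found

def hash_salted(password: str, salt: Optional[bytes] = None) -> str:
    """Hardened scheme: fresh random per-user salt plus a slow iterated hash.
    Record format (an assumption) is 'iterations$salt_hex$digest_hex'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_salted(password: str, record: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    iters, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)

if __name__ == "__main__":
    # Constructed store: alice and bob share "qwerty", so their MD5 digests are identical.
    store = {"alice": md5_unsalted("qwerty"), "bob": md5_unsalted("qwerty"),
             "carol": md5_unsalted("Tr0ub4dor&3-long-unique")}
    print(audit_unsalted_store(store))                     # alice and bob fall immediately
    print(hash_salted("qwerty") == hash_salted("qwerty"))  # False: each record has its own salt
```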

For San Diego iPhone app developers, the message here is this: the best security, like the best design, is invisible. Users don’t see it, but they certainly expect it. For startups that fail users when it comes to security, the consequences can be dramatic.

A second message to take away is this: mobile app developers should always disclose their failures fully, rather than downplaying major or minor issues. Admitting fault up front so users can react appropriately is always better than letting days, months, or years pass before being honest about issues that affect the most precious app developer resource: end users.
