Last.fm

In March 2012 the popular music discovery service Last.fm suffered a massive security breach resulting in the exposure of millions of user credentials. The incident involved an unauthorized access to the company internal systems where attackers managed to exfiltrate a database containing user information and passwords hashed with the weak MD5 algorithm. Although the service acknowledged a potential security issue at the time and prompted password resets the true scale and depth of the compromise only became publicly apparent in September 2016 when the full dataset began circulating in the data breach community.