
17.3 MILLION MD5 hashes (unsalted, not that it matters), of which over 16 million have already been cracked.


Says who? Not that I don't believe you.

EDIT: The developer who apparently implemented the password hashing replied to me on Twitter: https://twitter.com/russss/status/210783976879693824


Says these people:

http://contest.korelogic.com/

Check out the twerps at @CrackMeIfYouCan.


Thanks. That's good enough for me. So, last.fm gets added to the list of companies that don't care about their users' security but say they do.


What?!

This means the next leak will be one million CRC32 password hashes?

Or maybe LM hashes. Or crypt on old /etc/password files.


This was funny, and I laughed, but the irony is that old Unix crypt(3) is probably better than MD5 or SHA1.


ROT13?


I've seen a legacy application still in use which puts the password in a (non-secure) cookie as ROT13 and cleartext in the db.


Don't forget last year around this time when Sony's PSN was cracked into and it turned out they were storing the cleartext passwords.


Well, the Gawker hack was DES IIRC.



