Thursday, music site Last.fm joined a parade of password leaks reported this week on SiliconANGLE and elsewhere including LinkedIn and eHarmony. A message appeared on the site Thursday speaking to the leak, and urging users to change their passwords.
Details are sketchy and the remark does not suggest if the leak is linked to the previous two.
Last.fm has over 40 million users worldwide and there’s little information on how many users this leak has affected except for the words of a spokesman who mentioned that it only affects a “small fraction” of them.
From the announcement:
We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.
- Please log in to Last.fm and change your password on the settings page
- If you can’t remember your password you can reset it without logging in
We will never email you a direct link to update your settings or ask for your password.
We strongly recommend that your new Last.fm password is different to the password you use on other services. For more advice on choosing a solid password we recommend: http://www.google.co.uk/goodtoknow/online-safety/passwords/
We’re sorry for the inconvenience around changing your password; Last.fm takes your privacy very seriously. We’ll be posting updates in our forums and via our Twitter account (@lastfm) as we get to the bottom of this.
The Last.fm Team
Sound advice: use strong passwords, don’t reuse passwords, change them often.
This raft of password leaks amid high profile social media sites—possibly starting with what potentially seems to have been a hit on a Twitter spam network (and related to an old LulzSec leak)—may be the next flood of “password leak” reports for this year. However, for the most part the Twitter and Last.fm leaks appear to be unrelated to the eHarmony and LinkedIn leaks. The addition that little credit is being taken for these leaks is also a new evolution of the news cycle.
Check your password
If you fear that your password was leaked from LinkedIn or eHarmony, you can check it at LastPass.com for LinkedIn or eHarmony passwords.
Beware unknown sites offering similar services that have not been vetted by security experts. These sorts of sites may start cropping up as a trick in order to draw in the unwary. LastPass is an industry-known developer of password keeping and not likely to violate the privacy of those checking to see if their passwords have been compromised.