Streaming music service Last.fm has warned users of a password leak, the custom radio service becoming the latest in a spate of online services to have their security compromised. “We are currently investigating the leak of some Last.fm user passwords,” the company said in a statement today. “This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.”
Last.fm advises all users to go to the login page and change their password immediately; the company has not said how many accounts have been compromised. It is already warning about potential phishing attacks, however, pre-empting the possibility of users receiving fake emails asking them to click through and reset their account. “We will never email you a direct link to update your settings or ask for your password,” Last.fm points out.
The breach follows similar password leaks from business social site LinkedIn and online dating service eHarmony earlier this week. None of the sites have revealed exactly how the data was compromised, though a list of several million LinkedIn passwords did show up on a Russian forum amid calls for assistance in breaking the encryption that had been applied.
Much has been made of the fact that LinkedIn did not salt the passwords in its database; salting is a way of strengthening stored passwords against brute-force cracking. Last.fm has not said whether it, too, skimped on security in the same way.