Last.fm password breach occurred three months ago

Last.fm is about to have more unhappy users. The music company admitted last week that passwords for users were leaked. The company told users to change the passwords and officially announced that it was investigating the leak. However, word has now surfaced that the password breach actually happened three months ago even though the company only announced it last week and urged users to change passwords.

Reports also claim that Last.fm suspected it had been targeted in May and said nothing to users. The security breach of passwords for Last.fm came close to the breach of LinkedIn and eHarmony. The hacks came to the public eye after about 1.5 million passwords were posted to a forum online.

Last.fm's product chief Matthew Hawn says that the company has already started upgrading security. Reports indicate that in May, users started reporting that they had been spammed at e-mail addresses only available through Last.fm servers. At the time, the company announced it was investigating the matter "urgently" and had initiated a security audit. It seems that security audit failed to catch the breach. It remains unclear how hackers managed to gain access to Last.fm servers.

[via Gigaom]