Yikes, what a week for social networking security. First LinkedIn reported a compromise of 6.5 million passwords, next came eHarmony, now Last.fm!
Last.fm subscribers have received this e-mail from the radio/music service:
We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.
Here’s the dish from the Last.fm blog:
Earlier this week, Last.fm received an email that let us know a text file containing cryptographic strings for passwords (known as “hashes”) that might be connected to Last.fm had been posted to a password cracking forum. We immediately checked the file against our user database, and while this review continues, we felt it was important enough to act on.
We immediately implemented a number of key security changes around user data and we chose to be cautious and alert Last.fm users. We recommend that users change their password on Last.fm and on any other sites that use a similar password. All the updated passwords since yesterday afternoon have been secured with a more rigorous method for user data storage.
You know the drill, social network fans. Figure out a password that mixes numbers with upper- and lower-case letters. A couple of symbols such as !, # or & is a good idea too, and don’t use the same password twice. Good luck.