“We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately,” reads a security update posted by the popular Internet radio website.
This may just be the week of the data leaks. After LinkedIn
have confirmed that a number of their customers might be at risk after millions of passwords have ended up online, now it’s Last.fm’s turn to advise its users to immediately change their passcodes as a precaution.
While none of these potential victims has confirmed
that their systems were in fact breached, they also haven’t been able to say for sure that they haven’t been.
In the meantime, the best thing users can do is take all the necessary steps to protect their accounts.
In the case of Last.fm we haven’t been able to find the data dump, so it’s uncertain at this time if only passwords are published, just like in LinkedIn’s case, or if associated usernames have also been made available.
The company didn’t provide many details, but they provide the exact steps users should take to change their passwords.
Members should access their accounts, go to the settings page and change their passwords. Those who have forgotten their passwords should reset them by using the designated page.
Keep in mind that if you forgot the password it doesn’t mean it can’t be useful for cybercriminals.
Another important observation is that similar to LinkedIn, Last.fm will not send you emails containing alleged update or password reset links, so beware of potential scams.
Furthermore, users should not only change their Last.fm passwords, but all the other ones that are the same. In case the Internet radio’s systems contain a vulnerability, the attackers could easily obtain the new passwords just as they did with the old ones.
We'll return with updates as soon as new details become available.