Popular music streaming site Last.fm urged its users to change their passwords immediately due to a possible database leak under investigation.
In a security advisory, Last.fm provides users with two links, one to the login page and another to the password reset page, where people can change their passwords directly on the site. This will protect Last.fm users from falling victim to spam or phishing attempts.
“We will never email you a direct link to update your settings or ask for your password. We strongly recommend that your new Last.fm password is different to the password you use on other services,” emphasized Last.fm in the same security advisory on the site.
This follows a recent wave of password leaks that exposed roughly 6.5 million LinkedIn password hashes and around 1.5 million eHarmony passwords on a Russian forum. Up until now, no Last.fm password has been singled out in the breached password dump on the cracking forum, but Last.fm chose to act cautiously and stay on top of any inconvenience that may appear in the following weeks.
It's been argued that the breached password batch is at least one year old. Unfortunately, this doesn't help a lot because most people don't regularly change these passwords. Even worse, they use the same passwords for more than one account, which makes them sitting ducks for impersonation.