London-based social music website Last.fm is the latest social media website to be hit by a password hack. LinkedIn (see post below) was also hit by a password breach earlier this week. Last.fm, a popular music sharing website, has claimed that “some” passwords have been leaked. I suggest all Last.fm users change their passwords immediately.
You will also need to change your password in your Last.fm client. If you use the Last.fm client app, you don’t have to change the password, as this would have been done when you changed it on the Last.fm website. Here is how you change your Last.fm password:
Log in to the Last.fm website and change your password on the settings page: Click ‘your name’ (top right) > settings > Password tab
Last.fm said in a message on its site:
“We are currently investigating the leak of some Last.fm user passwords.
“This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.
“We’re sorry for the inconvenience around changing your password; Last.fm takes your privacy very seriously. We’ll be posting updates in our forums and via our Twitter account (@lastfm) as we get to the bottom of this.”
Last.fm will never e-mail a direct link to update settings or ask for passwords – if you do receive such e-mails, just delete or move them to your spam folder. I’m baffled as to why passwords that are hashed are not also salted, including introducing SHA2. By salting passwords it becomes more difficult to use brute-force (SQL injection) techniques. The faster we move away from MD5 the better.
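To illustrate the point about salting, here is an added example (not from Last.fm or from the original post) that stores the same accounts with unsalted MD5 and with a per-user salt fed into PBKDF2-HMAC-SHA256, one SHA-2 based option. The account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data); two users share a password.
USERS = {"alice": "summer2012", "bob": "summer2012", "carol": "v1nyl-Rec0rds"}
PBKDF2_ROUNDS = 200_000  # assumed work factor; tune for your own hardware


def md5_unsalted(password):
    """The weak scheme: one fast MD5 pass, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Per-user random salt plus PBKDF2-HMAC-SHA256 (slow, SHA-2 based)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_hashes(table):
    """Count stored values that appear for more than one account."""
    return sum(1 for n in Counter(table.values()).values() if n > 1)


def build_tables():
    """Store every sample account under both schemes."""
    weak = {user: md5_unsalted(pw) for user, pw in USERS.items()}
    strong = {user: hash_salted(pw) for user, pw in USERS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    digests = {user: digest for user, (_, digest) in strong.items()}
    print("unsalted MD5, values shared between accounts:", shared_hashes(weak))
    print("salted PBKDF2, values shared between accounts:", shared_hashes(digests))
    salt, digest = strong["alice"]
    print("alice's password verifies:", verify("summer2012", salt, digest))
```

With unsalted MD5, the two accounts that share a password store the same value, so one successful guess exposes both and precomputed tables apply to the whole dump. With a per-user salt each stored value is unique and every guess has to be repeated per account at the cost of the full iteration count.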
Safe surfing folks!