June 7, 2012
More Hacking…This Time, It’s last.fm
Michael Harper for redOrbit.com
If you haven't changed your passwords yet, the time to do so is now, especially if you use the same password on multiple sites.
Joining LinkedIn and eHarmony's password breach today is music-minded social site Last.fm. The site was quick to acknowledge the possible password breach today, posting a blog on their site to say they were investigating the leak of some passwords.
“We will never email you a direct link to update your settings or ask for your password,” writes a Last.fm spokesperson on the website.
“We strongly recommend that your new Last.fm password is different to the password you use on other services.”
The site did not mention how widespread this password leak is, or how many people may potentially be affected. Between the eHarmony and LinkedIn leaks, an estimated 8 million users have had their passwords leaked into the wide open internet.
Similar to other sites, last.fm users can change their passwords through the “settings” page.
So far, not much is known about this new breach, but the last.fm team is promising to keep users abreast of any developing details in the site's user forums and on Twitter (@lastfm).
At the time of this writing, the only update available on Twitter from last.fm reads “We're investigating a security issue with user passwords. As a precaution, we recommend you change your password.”
At last count, last.fm boasted over 37 million active users. It is unknown how many of these users have been affected by this new password leak.
So far, a total of 6.5 million LinkedIn and 1.5 million eHarmony passwords have been compromised after being posted to a Russian hacker site to be cracked.
Currently it is unknown if these last.fm leaked passwords are coming from the same site.
The eHarmony and LinkedIn breaches began this week as a large file containing millions of encrypted passwords emerged on a Russian hackers forum board. One user posted the file and began asking for help to crack the passwords. So far, security professionals are saying these leaked passwords seem to be specific to eHarmony and LinkedIn, as they often contain words or phrases specific to these sites. Those hackers who are able to decrypt these passwords are doing so quickly, as some reports say as many as 1 million passwords can be decrypted in under 2 hours. Without the rest of the login information, a hacker can't do too much damage. However, if the hackers are able to find the passwords and decrypt them, it's likely they'd be able to find the rest of the login information as well. If the same password is used in different areas on the web, the risk for other hacks grows exponentially.
We'll have more information for you as it becomes available.
For more information on changing your passwords and choosing secure passwords, visit this site: http://nakedsecurity.sophos.com/2010/02/03/choose-strong-password/