Last.fm users warned of password leaks

8 Jun 2012

Last.fm has issued a warning to users that passwords may have been leaked online, while investigations at LinkedIn and eHarmony continue, and Facebook introduces enhanced security for mobile users.

Last.fm has now been added to the list of networks compromised by the posting of around 8m password hashes to the hacker forum InsidePro earlier this week. Since then, many of these passwords have been decoded and published online.

Both LinkedIn and eHarmony discovered that millions of their members were affected by this breach, and now, Last.fm users should also be on alert.

Password changes recommended

The music recommendation service stated on its blog that some Last.fm user passwords have been leaked and that the incident is under investigation. “As a precautionary measure, we’re asking all our users to change their passwords immediately,” the statement read.

Users are reminded that Last.fm would never email them a direct link to update settings or ask for their password and any emails to this effect should be treated as suspicious.

LinkedIn to enhance security measures

Since Siliconrepublic.com reported on LinkedIn’s password problems yesterday, director Vicente Silveira has written another blog post, this time pointing out the steps the social network plans to take in order to protect its members.

The first steps taken were to lock down and protect those accounts that were recognised as compromised – those accounts at greatest risk – as well as any accounts LinkedIn thought could potentially be affected. Passwords were reset and affected members were notified via email.

Further to that, LinkedIn’s database of passwords has now been salted (a unique random value is combined with each password before it is hashed) as well as hashed, to provide additional security going forward.
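Why salting matters once a hash database leaks, shown as an added example that is not part of the original article and not LinkedIn's implementation. The hash functions, iteration count and sample accounts are assumptions chosen for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this example, not a figure from the article


def unsalted_hash(password: str) -> str:
    """Plain, fast hash with no salt: the weak scheme, shown for comparison."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest) using a random per-user salt and PBKDF2."""
    if salt is None:
        salt = secrets.token_bytes(16)  # new salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, expected)


def shared_digest_groups(records: dict[str, str]) -> list[list[str]]:
    """Group users whose stored hashes are identical, as anyone holding a dump can."""
    groups: dict[str, list[str]] = {}
    for user, digest in records.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts; two users picked the same password.
SAMPLE = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor&3"}

if __name__ == "__main__":
    unsalted = {u: unsalted_hash(p) for u, p in SAMPLE.items()}
    salted = {u: salted_hash(p)[1].hex() for u, p in SAMPLE.items()}
    print("unsalted, shared digests:", shared_digest_groups(unsalted))
    print("salted, shared digests:  ", shared_digest_groups(salted))
```

Without a salt, identical passwords produce identical stored values, so one recovered password exposes every account that shares it; with a per-user salt each record has to be attacked separately.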

Investigations into the security breach have been handed over to law enforcement, but so far both LinkedIn and eHarmony have received no reports of unauthorised access to accounts.

Facebook enhances mobile security

No doubt inspired by the recent security failure, Facebook Security notified users in a blog post of updates to mobile safety and security.

This includes a new application for login approval codes, the ability to report unwanted content on the mobile site, and access to tools to secure compromised accounts, as well as the social authentication tool.

Stay safe and secure online

Silveira closes off his post with a warning that members should be on high alert for phishing emails and spam requesting sensitive information – particularly those that purport to come from one of the compromised networks.

Becky Teraoka, public relations manager at eHarmony, wrote on the company blog: “Do not click links in emails you receive if you are unfamiliar with the sender or weren’t expecting the message. Be especially cautious about messages that invite you to click a link in order to update your password or account information.”

Users should be wary of embedded links in these emails, though LinkedIn has stated its notification emails to affected users will include a link directly to the site, so users will have to access the site via a new browser window.

The simplest way to check the validity of such an email is to check the sender’s address. If it’s not from the company’s domain (eg, @linkedin.com), it’s likely best off in the trash.

Use common sense and be cautious.

Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.
