Want to see if your password was leaked? Check now with our tool: https://lastpass.com/lastfm.
Whether or not yours made the list, though, we highly recommend you update your password. LinkedIn and eHarmony users can also check if their passwords were leaked at https://lastpass.com/linkedin and https://lastpass.com/eharmony, although we highly recommend updating all accounts that used the same or similar passwords. For LastPass users, the LastPass security challenge, located in the Tools menu under the LastPass Icon menu, can also help you identify duplicate or weak passwords for other accounts.
After posting a note on its blog on Thursday, June 7 indicating that it was investigating the situation, Last.fm began emailing its user base, notifying them of the investigation and advising them to update their password immediately. The email encourages users to go directly to Last.fm to log in and update their password, and indicates that Last.fm will not send a password reset link via email. We’ll echo that sentiment – if you receive a password reset email for any service and are not sure if it’s genuine, just type out the URL to go to the service, log in to your account, and then update your password.
According to security researcher @CrackMeIfYouCan, unlike the LinkedIn and eHarmony breaches reported last week, the Last.fm breach actually began in 2010, and 16.4 million of 17.3 million MD5-hashed passwords have already been cracked. For those who are unfamiliar with these hashing algorithms, MD5 is considerably less secure than SHA1, and has been publicly declared “no longer considered safe” for commercial websites.
Given that this breach occurred so long ago, it's even more critical that users act now to update their account password and start creating unique, strong passwords for each of their online accounts. The LastPass security challenge will give you a good starting point, and you can then use the LastPass password generator to start better securing your online life.
– The LastPass Team