Public Service Annoucement: Last.fm Passwords Compromised

  • June 7, 2012

Wow, what a week!!!

Yet another firm, Last.fm, is claiming to have their passwords compromised. Per comments from last.fm it looks like the same attacker was able to use similar tactics to gain access to their environment:

The Last.fm crew says that its own passwords may have been swiped up in the same leak, and will be updating users through its Twitter handle @lastfm while the investigation is ongoing. The company has not yet confirmed that accounts have been compromised, but still encourages users to change passwords now.Source: VB/Media


It appears that there are already speared phishing attempts occuring on last.fm users so be weary of that as well:

Last.fm also promises that it will “never email you a direct link to update your settings or ask for your password.” Important to note, as a number of spoofed LinkedIn e-mails were sent to members asking them to update their accounts.

From the perspective of attackers, this is pretty big news. Their ability to infiltrate three distinct properties, and sizable properties at that, makes you wonder if a new, undisclosed, vulnerability has been found.

Tony is the Head of Security Products at GoDaddy and Sucuri Co-Founder. His passion lies in educating and bringing awareness about online threats to business owners. His passions revolve around understanding the psychology of bad actors, the impacts and havoc hacks have on website owners, and thinking through the evolution of attacks. You can find his personal thoughts on security at perezbox.com and you can follow him on Twitter at @perezbox.

Related Tags
2 comments
  1. Pingback: Password Security in the Year 2012
  2. Pingback: Is LastPass Secure? - PerezBox

Comments are closed.

Related Categories
You May Also Like