Last.fm was hit with a security breach three months ago despite the company acknowledging it less than a month ago. Last.fm was the third major website to be hit with a security breach after LinkedIn and eHarmony in the last month. Last.fm asked users to change their passwords after a dump of about 1.5 million passwords appeared on a cryptography forum.
Last.fm product chief Matthew Hawn posted an update saying:
?Earlier this week, Last.fm received an email that let us know a text file containing cryptographic strings for passwords (known as ?hashes?) that might be connected to Last.fm had been posted to a password cracking forum. We immediately checked the file against our user database and, while this review continues, we felt it was important enough to act on.
?We immediately implemented a number of key security changes around user data and we chose to be cautious and alert Last.fm users. We recommend that users change their password on Last.fm and on any other sites that use a similar password. All the updated passwords since yesterday afternoon have been secured with a more rigorous method for user data storage.?
This past May, several users reported that they had been spammed at email addresses that could have only been available through Last.fm’s service. Last.fm is looking into how the hackers were able to get access to the data.