Earlier today it was reported that Last.fm has become the third website whose passwords were among those leaked online earlier this week. At that time, the website was simply recommending that users change their password. Now, Last.fm has announced the full details of how the website is responding to the leak. In a post on the Last.fm blog, Vice President for Product Matthew Hawn announced that the company will be increasing password security and is contacting its members to recommend that they change their passwords. From the post:
We immediately implemented a number of key security changes around user data and we chose to be cautious and alert Last.fm users. We recommend that users change their password on Last.fm and on any other sites that use a similar password. All the updated passwords since yesterday afternoon have been secured with a more rigorous method for user data storage.
In addition to emailing members, Last.fm will be sending out alerts via social media and through the Last.fm website. Hawn stated that the site would be "redoubling" its efforts to secure user data.
The entire story began when a large hash of passwords was posted on a hash-cracking website earlier this week. It was quickly discovered that more than 6.4 million LinkedIn passwords may have been compromised. Later it was discovered that eHarmony passwords were also included in the leak. Both companies took action to lock down accounts affected by the leak and emailed instructions to members detailing how to reset their passwords. Last.fm is the latest website to be caught up in the password leak.
Considering the events of this week and the slowly growing number of websites affected, I'm thinking this weekend just might be the perfect time to kick back, enjoy a frosty beverage, and change my password for every online service that I use.