First it was LinkedIn, which saw 6.5 million user passwords exposed in a breach earlier this week. Then it was eHarmony, the e-dating site, which confirmed that it had been a target of a similar attack. Now it is Last.fm, the popular music website. In a message to users, reps for Last.fm today wrote that Last.fm had been hit by hackers, and promised immediate action.
"We are currently investigating the leak of some Last.fm user passwords," the message read. "This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately." Forgot your password? No problem. (You can reset it here.) The precise size of the Last.fm leak remains unclear.
The big question, of course, is whether the eHarmony, LinkedIn, and Last.fm hacks are connected.
In an interview at the BBC, Graham Cluely of Sophos said that looks increasingly likely. "There's a mystery in the middle of the LinkedIn breach about how they got the data," Cluely said. "You have to worry there's a common vulnerability. The fact is, the only people who know are the hackers and maybe the companies concerned, but they may be struggling to work out what's happened."
The LeakedIn breach was one of the largest in recent history. At first, the extent of the attack was unclear, but the number of exposed passwords reportedly sits at well over 6 million. Vicente Silva, a director at LinkedIn, wrote in a blog post yesterday that "some of the passwords that were compromised correspond to LinkedIn accounts." Silva pointed readers to a primer on creating a stronger password.
For more tech news, follow us on Twitter @venturenaut.