It looks like LinkedIn isn’t the only company dealing with password woes as of late.
Just one day after it was reported that 6.5 million LinkedIn user passwords were dumped onto the web, London-based music recommendation network Last.fm announced on their website that they too are “investigating the leak of some Last.fm user passwords.”
Though the company didn’t disclose how many users were affected by the issue or how the leak occurred, they still asked users to change their passwords just to be safe. At this point, it’s unknown how secure those leaked passwords actually are — LinkedIn caught some flak for storing user passwords as unsalted SHA-1 hashes, a practice they claimed they recently amended.
Perhaps in response to reports of LinkedIn phishing emails that went around after the password dump was reported, Last.fm’s post also states that the company will never send their users a direct link asking them to update their settings or change their password.
Their investigation is currently ongoing, and they’ll hopefully disclose more details on their Twitter account soon. Whether or not they’ll be more forthcoming than LinkedIn is another story entirely — it’s been nearly 24 hours since their initial disclosure, and LinkedIn still hasn’t released any further information about the mechanics or impact of their own breach.