Last.fm admitted in a statement on Thursday that it is investigating the leak of "some" user passwords. While it did not disclose the number of passwords, the site is asking all users to change their passwords. Last.fm did not specify whether user passwords were hashed and salted.
Estimates put the number of compromised passwords between 2.5 million and 17.3 million, according to a report by ZDNet UK.
“We strongly recommend that your new Last.fm password is different to the password you use on other services….We’re sorry for the inconvenience around changing your password; Last.fm takes your privacy very seriously”, the company said in the statement.
Last.fm is a music recommendation service. Based on a user’s listening history collected by the company’s Scrobbler software, Last.fm provides recommendations for additional music selections. Users can also share music recommendations with other community members.
Last.fm joins professional networking site LinkedIn and online dating service eHarmony as websites that have had their user passwords stolen and posted on line. LinkedIn confirmed that 6.5 million hashed passwords were compromised, while eHarmony has not said how many of its hashed passwords were exposed, although reports put the number at 1.5 million.