Right on the heels of LinkedIn and eHarmony confirming that passwords were leaked due to a hack, social music site Last.fm is reporting that it too is currently investigating the leak of user passwords. Its warning was extremely brief, and did not disclose how many accounts are at risk, or any details pertaining to its security.
"We are currently investigating the leak of some Last.fm user passwords," the company said. "This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately."
"We strongly recommend that your new Last.fm password is different to the password you use on other services," the blog added. "We’re sorry for the inconvenience around changing your password; Last.fm takes your privacy very seriously. We’ll be posting updates in our forums and via our Twitter account (@lastfm) as we get to the bottom of this."
It's assumed that the hack was performed by the same individual who broke into LinkedIn and eHarmony on Wednesday. Graham Cluley, security expert at Sophos, is worried that all three sites share the same vulnerability. If that's the case and the same flaw is exploited elsewhere, we could see more of this.
"Can it be coincidence? It seems unlikely to me," he told BBC News. "There's a mystery in the middle of the LinkedIn breach about how they got the data. You have to worry there's a common vulnerability. The fact is, the only people who know are the hackers and maybe the companies concerned, but they may be struggling to work out what's happened."
"Is this the end of the story, or is there more to come?" he added.
"We strongly recommend that your new Last.fm password is different to the password you use on other services," Last.fm suggested on Thursday. "For more advice on choosing a solid password we recommend: http://www.google.co.uk/goodtoknow/online-safety/passwords/."
It's been at least 24 hours since LinkedIn confirmed its password-spilling security breach, and the company still hasn't disclosed any information about the mechanics or the total impact of the hack. Hopefully we'll hear something soon. In the meantime, web surfers will likely need to be prepared to change their passwords at any moment given the current "epidemic."