Hello from Last.fm HQ,
Earlier this week, Last.fm received an email that let us know a text file containing cryptographic strings for passwords (known as “hashes”) that might be connected to Last.fm had been posted to a password cracking forum. We immediately checked the file against our user database, and while this review continues, we felt it was important enough to act on.
We immediately implemented a number of key security changes around user data and we chose to be cautious and alert Last.fm users. We recommend that users change their password on Last.fm and on any other sites that use a similar password. All the updated passwords since yesterday afternoon have been secured with a more rigorous method for user data storage.
To reach as many users as quickly as possible, we are sending these alerts via social media, direct email and on the Last.fm site itself.
We take the security of our users very seriously, and going forward we want you to know we’re redoubling our efforts to protect our users’ data.
Thanks for your support,
The Last.fm Team