Hot on the heels of the LinkedIn and eHarmony password breaches, Last.FM has announced on its website that they are "investigating the leak of some Last.fm user passwords". If you are a Last.FM member, you should take immediate action to minimize your risk.
What you should do now
- Change your Last.FM password
- If you use the same password on other sites you need to change it on those too
- Make your new password(s) complex. Don't just replace a weak password with a different weak password
- Do not use the same password on different websites
- Be wary of phishing emails asking you to log into Last.FM account and change your password. Last.FM will not send you an email containing a password reset link.
Using different passwords on all of your websites isolates your exposure should one site be compromised. If you're a my1login user, remember that you can use my1login's Password Generator to generate extremely strong, long, high-entropy passwords.