Public Service Annoucement: Passwords Compromised

Wow, what a week!!!

Yet another firm,, is claiming to have their passwords compromised. Per comments from it looks like the same attacker was able to use similar tactics to gain access to their environment:

The crew says that its own passwords may have been swiped up in the same leak, and will be updating users through its Twitter handle @lastfm while the investigation is ongoing. The company has not yet confirmed that accounts have been compromised, but still encourages users to change passwords now.Source: VB/Media

It appears that there are already speared phishing attempts occuring on users so be weary of that as well: also promises that it will “never email you a direct link to update your settings or ask for your password.” Important to note, as a number of spoofed LinkedIn e-mails were sent to members asking them to update their accounts.

From the perspective of attackers, this is pretty big news. Their ability to infiltrate three distinct properties, and sizable properties at that, makes you wonder if a new, undisclosed, vulnerability has been found.

Read more: Public Service Annoucement: Passwords Compromised

Story added 7. June 2012, content source with full text you can find at link above.