Last.fm Password Hack Went Undetected For Months

By Sam Gibbs

That Last.fm hack that was exposed last week, which sent passwords spewing onto the internet, apparently happened at least three months ago. Last.fm didn't have a clue, even though its users complained of spam.

According to a report by GigaOM, the hack happened at least three months ago, and despite doing an audit after reports of spam, Last.fm failed to notice the intrusion. It wasn't until the London-based music company got tipped off about its passwords being strewn across the net that the penny finally dropped and it took action.

It's still unclear precisely how long your passwords were left exposed, but if you used the same password for anything else, I'd definitely change it, pronto. Why the passwords weren't more heavily encrypted and secured in the first place, Lord only knows. Just by watching what happened with Sony and its PSN last year, companies should have learnt that their user data is a target and securing it properly is incredibly important. [GigaOM]
