Last.fm tell users to change passwords IMMEDIATELY

Last.fm users are the latest internet community to get the “change your password” message as the music streaming site investigates a “leak of some user passwords”. However, unlike LinkedIn or eHarmony, Last.fm has jumped on the suspicion that something’s wrong, rather than waiting for user passwords to appear on the Internet. In …

COMMENTS

This topic is closed for new posts.
Holmes

You know how I know they have iPhone apps?

Do you know how I know those passwords happen to be a subset of the various userbases who have used the site/app with an iPhone?

2
1

Re: You know how I know they have iPhone apps?

No, do tell

2
0
Silver badge
FAIL

Re: You know how I know they have iPhone apps?

"Those sites" - so presumably you're including LinkedIn in your claim.

In which case, the icon you chose is incorrect; Sherlock wears a deerstalker, not a tinfoil hat.

(I have never accessed LinkedIn on my phone, let alone on a brand of phone I will not own)

1
0
Silver badge

Re: You know how I know they have iPhone apps?

Self correction: you didn't say, as I quoted, "those sites" but your wording still reads to me as though that's what you meant.

0
0

Re: You know how I know they have iPhone apps?

So are you saying that your LinkedIn password was published, even though you don't use the iPhone app?

0
0
Silver badge

Re: You know how I know they have iPhone apps?

Yes.

0
0
Silver badge

Re: You know how I know they have iPhone apps?

Unless, of course, there's someone else out there who happens to use the iPhone app, and just happens to have the very same password as me - which doesn't seem likely to me.

0
0

ohhhh :-)

Has my password been published, did they do it alongside a picture?

0
0
Anonymous Coward

I don't use an iPhone and my password wasn't in the LinkedIn list...

0
0
Anonymous Coward

A question . . .

. . . . passwords hashed and salted are only a protection against people with access to the database, if they have access to that what else did they get and do?? Of course this assumes no crazy access such as SELECT * FROM <tablename> injection (sqlMap) showing on screen? Obviously goes for the other recent hacks (LinkedIn, . . .) has any of these people disclosed how access to the database was gained? Guess not.

0
0

Re: A question . . .

I was going to say something similar; why would you allow a SELECT against the password column (hashed and salted or otherwise) that isn't limited to returning 1 record?

That aside, my Last.fm password isn't complex because I really couldn't care less if someone got in and liked some random songs.

+1 to them for preempting; let's hope they fix the hole now.

0
0
Anonymous Coward

Error: logic consistency failure

"Last.fm takes your privacy very seriously,"

Isn't the whole point of Last.fm to publish every last little song you listen to, for others to marvel at? In what way is that "privacy"? Isn't the very use of Last.fm discarding an element of your privacy?

It seems the one word that best sums up the whole Web2.0 is:

ME

"Look at ME. Here MY music list. This is where *I* am. This is what *I* am thinking. Here are MY friends. These are the movies *I* am watching. Let ME tell you more about MY favorite subject - ME!"

And then people are surprised when the various web sites dedicated to letting them broadcast their every little movement aren't very careful with their privacy.

It just makes ME sick.

5
3
Thumb Up

Re: Error: logic consistency failure

Yes, and very interesting; I looked at my last.fm account for the first time in what is probably years - I use last.fm ripper and my Onkyo amp rather than pissing about with their interface - and saw that my email address was still the free hotpop.com address, which died along with the free part of hotpop.com a few years ago.

I don't broadcast my activities and interests on these sites. Clearly I am there for only one thing, and the software that I use says it all. I don't put personal addresses in these sites; I enter bogus data. Similarly when I obtain free music from bandcamp I use meltmail or similar for a short duration, where required, so they can email me the URL and force spam on me, they think.

As a general rule, I don't enter identifying optional personal data; where data are required, I enter bogus identifying data. For me social networking sites are useless unless they have something tangible that I want, music, searching out old contacts, information on IT security, and so on.

Whether my policy has paid off or not I do not know, but I have observed in the past couple of years a tendency for establishments/institutions, ranging from employers through to government departments, to snoop on people, with some employers insisting on seeing an employee's or prospective employee's Facebook pages. I don't have any because I don't have a Facebook account. Sometimes I open one when I am looking for an old contact, I use a false name and other critical data, I use a password generator for long passwords that include digits, symbols, and upper/lower case. I leave out the optional data. I close the account when I'm finished. The last time I did so there was a nuke option that was publicised during one of the many Facebook bad security revelations.

Then there is the complex vs simple password argument that has reared its ugly head, and I see that some are veering toward memorable and long. Perhaps I am a cynic... ...speaking of security, it has come to a pretty pass when the director of one of the British intelligence and security services can be caught out on his Facebook pages, allowing the world to see his private data. The man should be fired.

1
1

I'm glad these companies are hiring only the best straight out of uni. Their knowledge is up to date and they'll work really long hours so everything about their site will be awesome and secure.

0
2