London radio station Last FM has asked its users to change their account passwords after becoming the latest high-profile firm to own up to the possibility of a security breach.

The company didn’t explain why it believed a breach to have occurred but the tone of apologetic urgency was unmistakable.

“We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online,” said a notice on Last FM’s site posted late on 7 June.

“We will never email you a direct link to update your settings or ask for your password,” continued the notice after asking users to change their password as soon as possible.

Security companies have reported that the number of Last FM passwords stolen could be as high as 2.5 million.

Perhaps there is strength in numbers as far as embarrassment goes, but the latest breach is starting to look like part of a pattern.

“Can it be coincidence? It seems unlikely to me. There’s a mystery in the middle of the LinkedIn breach about how they got the data. You have to worry there’s a common vulnerability,” resident Sophos security expert Graham Cluley told the BBC.

“The fact is, the only people who know are the hackers and maybe the companies concerned, but they may be struggling to work out what’s happened.”

Two other sites also appear to have suffered major password breaches in recent days, LinkedIn and dating site eHarmony – the second to hit the latter site in recent times. If a specific vulnerability connects these hacks to one another more breaches will probably follow in the coming days.

Gaining access to passwords does not immediately reveal them as long as they have been ‘hashed’ – encrypted – but even this technique might no longer be sufficient to deter determined attackers if ‘salting’ (the addition of random elements that makes hash comparison against a lookup table nearly impossible) is not used.

“The indiscriminate proliferation of data breaches across all industry sectors should serve as a clear warning that perimeter defences such as encryption and anti-virus software, are no longer enough to effectively protect IT infrastructures and personal information,” said Ross Brewer of LogRhythm.
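The point about hashing and salting above can be seen in a few lines of code. This is an added example, not part of the original article: it compares bare digests with per-user salted ones against the same precomputed table. The account names, the wordlist, SHA-256 and PBKDF2 with 200,000 iterations are all assumptions chosen for illustration; the article does not say which algorithms any of the affected sites used.

```python
import hashlib
import hmac
import os

# Constructed sample data: two of the three accounts share a password.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#qv!x9Lm"}
COMMON = ["password", "123456", "sunshine1", "letmein"]  # constructed wordlist

def unsalted(password):
    """Weak storage: a bare digest, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password, salt=None):
    """Hardened storage: per-user random salt fed into a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def verify(password, salt, stored):
    """Recompute with the stored salt; compare in constant time."""
    return hmac.compare_digest(salted(password, salt)[1], stored)

def table_hits(stored_hex):
    """Users whose stored digest appears in one table built from COMMON."""
    table = {unsalted(p): p for p in COMMON}
    return {u: table[d] for u, d in stored_hex.items() if d in table}

def compare_schemes():
    """Run the same table lookup against both storage schemes."""
    weak = {u: unsalted(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted(p) for u, p in ACCOUNTS.items()}
    return {
        "weak_hits": table_hits(weak),
        "strong_hits": table_hits({u: d.hex() for u, (_, d) in strong.items()}),
        "weak_duplicates": weak["alice"] == weak["bob"],
        "strong_duplicates": strong["alice"][1] == strong["bob"][1],
        "login_ok": verify("sunshine1", *strong["alice"]),
    }

if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(key, "=", value)
```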