The web of tech firms involved in this week's password hack expanded further today, with music site Last.fm acknowledging a breach.
"We are currently investigating the leak of some Last.fm user passwords," the firm said in a note on its website. "This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we're asking all our users to change their passwords immediately."
The site said it does not email customers with direct links to update settings or provide passwords. Any emails that purport to be from Last.fm requesting information are likely phishing messages from scammers after your personal information.
Last.fm apologised for the inconvenience and promised to post update to its Twitter feed.
The company, which was purchased by CBS in 2007, is just the latest firm to reveal that their users' passwords were compromised. Yesterday, LinkedIn confirmed a breach of a reported six million passwords, while dating site eHarmony had 1.5 million passwords exposed.
After the Last.fm reveal, security experts reiterated that everyone using those sites should change their passwords, even if they weren't directly affected.
"Of course, it also makes sense to review whether you are using the same password on any other websites too. If you are, then you should change them there as well - and make sure that you never use the same password on multiple websites," Sophos analyst Graham Cluley said in a blog post.
Update: LinkedIn this afternoon confirmed that 6.5 million passwords were compromised. "To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorised access to any member's account as a result of this event," the company said in a blog post. "We are also actively working with law enforcement, which is investigating this matter."