The company didn't explain why it believed a breach to have occurred but the tone of apologetic urgency was unmistakable.
"We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online," said a notice on Last FM's site posted late on 7 June.
"We will never email you a direct link to update your settings or ask for your password," continued the notice after asking users to change their password as soon as possible.
Security companies have reported that the number of Last FM passwords stolen could be as high as 2.5 million.
Perhaps there is strength in numbers as far as embarrassment goes, but the latest breach is starting to look like part of a pattern.