
Last.FM Joins eHarmony, LinkedIn to Celebrate Breach Week

Sara Yin, Junior software analyst



Today, security journalist Brian Krebs pseudo-officially dubbed the first week of June as Breach Week! Hurray!

Wait. Before you celebrate, Krebs was referring to the three massive password breaches announced this week: LinkedIn, eHarmony, and Last.FM. Attackers hacked into the popular Web-based services and posted online the passwords of millions of their members. LinkedIn, especially, was castigated for failing to take a pretty basic extra step, salting, to secure users' passwords. 

As we reported yesterday, soon after the LinkedIn breach it was obvious that the company used mediocre SHA-1 hashing to secure its users' accounts. As a result, the attackers cracked away and uploaded a file with nearly 6.5 million users' hashed passwords (including our own Neil Rubenking's).

eHarmony's breach led to the posting of at least 1.5 million hashed passwords, although a LastPass spokeswoman said this list was probably incomplete as it did not contain common passwords like "12345" and "monkey." 

And on Wednesday, Last.fm warned users in a tweet to change their passwords due to a leak of "some Last.fm user passwords." Sounds commendable, but according to security researcher @CrackMeIfYouCan, the breach actually began in 2010, and 16.4 million of 17.3 million MD5-hashed passwords have already been cracked. MD5 is laughably less secure than SHA-1, by the way.

How to Find Out If You've Been Compromised

Affected users have been notified by the companies, but it's likely the attackers have more passwords in their possession. If you'd rather not wait for an email notification (or don't trust it), you can quickly check if your LinkedIn or eHarmony passwords have been compromised courtesy of LastPass:

LinkedIn: https://lastpass.com/linkedin/

eHarmony: https://lastpass.com/eharmony/

Nag...Change Your Passwords

Salting and hashing can only go so far, however. As F-Secure notes, if an attacker has your salt values and code, "the only thing that is protecting user accounts is the strength of passwords."
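To make the salting criticism and the F-Secure caveat concrete, here is an added example (not from the article or any of the breached services) that stores the same accounts with bare SHA-1 and with a per-user salt, then runs a defender's weak-password audit over both. PBKDF2, the iteration count, the account names and passwords, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example
# Constructed sample accounts: two users picked the same weak password.
USERS = {"alice": "monkey", "bob": "monkey", "carol": "x7#Lq9!vTz2p"}
WORDLIST = ["12345", "monkey"]  # the common passwords the article mentions

def unsalted_sha1(password):
    """Bare SHA-1 with no salt, the scheme the article criticises."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Random per-user salt plus a deliberately slow KDF (PBKDF2)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Constant-time comparison of a login attempt against a stored record."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)

def shared_records(stored):
    """Number of accounts whose stored value equals another account's."""
    values = list(stored.values())
    return sum(1 for v in values if values.count(v) > 1)

def audit_unsalted(stored, wordlist):
    """Without salt, one hash per word is checked against every account."""
    table = {unsalted_sha1(w) for w in wordlist}
    return sorted(user for user, h in stored.items() if h in table)

def audit_salted(stored, wordlist):
    """With salt, each word must be re-hashed per account, but a weak
    password is still found once salt and algorithm are known."""
    return sorted(user for user, (salt, digest) in stored.items()
                  if any(verify(w, salt, digest) for w in wordlist))

if __name__ == "__main__":
    unsalted = {u: unsalted_sha1(p) for u, p in USERS.items()}
    salted = {u: salted_hash(p) for u, p in USERS.items()}
    print("identical records, unsalted:", shared_records(unsalted))
    print("identical records, salted:  ", shared_records(salted))
    print("weak (unsalted audit):", audit_unsalted(unsalted, WORDLIST))
    print("weak (salted audit):  ", audit_salted(salted, WORDLIST))
```

Both audits flag the same two accounts: the salt removes identical records and forces per-account work, but it does not rescue a password that appears on a common-password list.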

By now, PCMag faithfuls are very familiar with creating "insanely strong" passwords. Click here for some even more basic Do's and Don'ts. 

If your list of passwords gets too long, check out password managers, like LastPass and Dashlane, which can generate strong passwords for you too. These two managers come with iPhone versions and Android versions as well. 

It's an unfortunate reality that we web application users are forced to blindly trust the service provider to securely store our data. Some companies, like banks, are required to follow government-regulated security practices, but most are not, and we never know how weak the provider's security practices are until it's too late. But you can stay a step ahead by, at the very least, changing your passwords to make them stronger.

About Our Expert

Sara Yin


Sara Yin is a junior analyst in the Software, Internet, and Networking group at PCmag.com, pouring most of her energy into app testing and security matters at Security Watch with Neil Rubenking. She lies awake at night pondering the state of mobile security (half-true). Prior to joining PCMag.com, Sara spent five years reporting for publications in New York City (Huffington Post), Hong Kong (South China Morning Post), and Singapore (Campaign Asia, Men's Health). Follow her on Twitter at @SecurityWatch and @sarapyin, or contact her the old school way: email. That's sara_yin AT pcmag.com.
