LastPass suffers possible hacker intrusion

After an unfortunately long streak of security issues in the tech industry, online password manager LastPass has noticed a network anomaly that could possibly be an unwanted hacker intrusion. As LastPass is no novice to security, they are requiring all users to change their master passwords to prevent any other passwords from being accessed unwillingly.

LastPass, who notified users via their blog, stated they noticed a network traffic anomaly on one of their servers which they couldn't find the root cause of. After attempting to source the issue, they also discovered a smaller outgoing traffic anomaly from one of their databases, which they couldn’t account for either. “We're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed"

The LastPass Team estimated that the amount of data transferred could have been enough to transfer user email addresses, server salt and password hashes from the database. They claim it wasn’t enough traffic to steal “many users encrypted data blobs” – meaning the greatest security threat would be if you had an easily brute-forced dictionary-based master password, and as a precaution this should be updated to prevent data theft.

Record traffic to LastPass as users attempt to change their password has left the site struggling to cope with the amount of password reset requests. However, as LastPass is being extremely precautious and doing many checks on their systems, including rolling out a planned security upgrade, it is extremely unlikely any data will be stolen.

Report a problem with article
Previous Story

Raspberry Pi: The $25 USB key-sized computer

Next Story

Apple talking to two firms about switching ambient light sensors

23 Comments

Commenting is disabled on this article.

abadaba said,
That's what they get for killing Xmarks...

Did I miss something? Lastpass saved Xmarks from being shutdown by purchasing them.

Basho1 said,
Did I miss something? Lastpass saved Xmarks from being shutdown by purchasing them.
I suppose abadaba is not happy about LastPass not letting Xmarks run their shop as it was. Xmarks canned password sync in favour of LastPass offering.

iCeCLoW said,
Does your brain encrypt stored sensible information?
If not someone could eventually extract that info.

lolwut??

thats because the most reliable service for storing and managing passwords is called Human Brain, unless you are mentally challenged and ask for a manual every time you buy socks

allwynd said,
thats because the most reliable service for storing and managing passwords is called Human Brain, unless you are mentally challenged and ask for a manual every time you buy socks

No, it's not.

allwynd said,
thats because the most reliable service for storing and managing passwords is called Human Brain, unless you are mentally challenged and ask for a manual every time you buy socks

Just wondering, how many sites are you registered on and how many of those have a unique password?
Most people using such services have one password per site, pretty good for security, unless LastPass get's hacked of course though i would guess they have some pretty good encryption going on

allwynd said,
thats because the most reliable service for storing and managing passwords is called Human Brain, unless you are mentally challenged and ask for a manual every time you buy socks

How many 256-bit passwords can you remember, may I ask? I think you'd probably want a manual for that.

allwynd said,
thats because the most reliable service for storing and managing passwords is called Human Brain, unless you are mentally challenged and ask for a manual every time you buy socks

What`s wrong with a good old bit of paper and a pencil? Unless you have an IQ of 537 it`s not easy to remember all your passwords, unless of course you allways use the same one

Riggers said,

What`s wrong with a good old bit of paper and a pencil? Unless you have an IQ of 537 it`s not easy to remember all your passwords, unless of course you allways use the same one

Passwords written on a piece of paper is just as bad

Riggers said,

What`s wrong with a good old bit of paper and a pencil? Unless you have an IQ of 537 it`s not easy to remember all your passwords, unless of course you allways use the same one

What if you lose that paper? Or if someone finds it?

A piece of paper might be okay is it is in a page protector and stored in a strong safe.

Julius Caro said,
Well at least it looks like these peeps actually encrypted the database.

Yes...they have a lot more security measures than many others.

Hrmm an online DB of passwords and personal info for lots of people...got me stumped how it took this long for em to get something

Osiris said,
Hrmm an online DB of passwords and personal info for lots of people...got me stumped how it took this long for em to get something

Maybe it took such a long time for something this minor to occur because LastPass is good with security.

All passwords are stored as salted hashes. If you have a strong master pass, nothing much should happen.

The time of year for security breaches then *looks at cracking software running in background*