After an unfortunately long streak of security issues in the tech industry, online password manager LastPass has noticed a network anomaly that could possibly be an unwanted hacker intrusion. As LastPass is no novice to security, they are requiring all users to change their master passwords to prevent any other passwords from being accessed unwillingly.
LastPass, who notified users via their blog, stated they noticed a network traffic anomaly on one of their servers which they couldn't find the root cause of. After attempting to source the issue, they also discovered a smaller outgoing traffic anomaly from one of their databases, which they couldn’t account for either. “We're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed"
The LastPass Team estimated that the amount of data transferred could have been enough to transfer user email addresses, server salt and password hashes from the database. They claim it wasn’t enough traffic to steal “many users encrypted data blobs” – meaning the greatest security threat would be if you had an easily brute-forced dictionary-based master password, and as a precaution this should be updated to prevent data theft.
Record traffic to LastPass as users attempt to change their password has left the site struggling to cope with the amount of password reset requests. However, as LastPass is being extremely precautious and doing many checks on their systems, including rolling out a planned security upgrade, it is extremely unlikely any data will be stolen.