Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

LastPass Warns of Potential Breach


  • Please log in to reply
No replies to this topic

#1 tork

tork

  • Members
  • 718 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:here
  • Local time:03:51 PM

Posted 05 May 2011 - 10:59 AM

LastPass Security Notification
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password. We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines...In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transfered and that it's big enough to have transfered people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users encrypted data blobs...

http://blog.lastpass.com/2011/05/lastpass-security-notification.html

LastPass's decision to reset passwords as a precaution has made it difficult for some legitimate users to log onto the service again. Tips on re-enabling accounts can be found in a blog post by Chris Boyd, a security researcher at GFI Software, here.

http://www.theregister.co.uk/2011/05/05/lastpass_password_reset/

http://www.h-online.com/security/news/item/Potential-intrusion-suspected-in-LastPass-password-service-1238148.html
http://sunbeltblog.blogspot.com/2011/05/use-lastpass-change-your-master.html
http://blogs.pcmag.com/securitywatch/2011/05/lastpass_warns_of_potential_br.php

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users