Lastpass potentially compromised, Passwords reset as a precaution

Carbonyl · May 5, 2011

In a recent post on the LastPass blog, it was revealed that certain anomalous activities in their network were cause for concern.

LastPass said:

We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.

In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transfered and that it's big enough to have transfered people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users encrypted data blobs.
Click to expand...

Data remains sparse, according to the blog, but they've forced all users to change their master password to be on the safe side. Events are unfolding quickly, and their servers are crushed under a heavy load as people scramble to alter their passwords. Hopefully more details will be forthcoming.

JRViejo · May 5, 2011

Current topic being discussed here: [thread=293992]LastPass Vulnerability Exposes Account Details[/thread]. Thanks!

Log in or Sign up

Lastpass potentially compromised, Passwords reset as a precaution

Carbonyl Registered Member

JRViejo Super Moderator

Log in or Sign up

Lastpass potentially compromised, Passwords reset as a precaution

Carbonyl Registered Member

JRViejo Super Moderator

Useful Searches