LastPass user panic over possible server breach

Written by Antony Leather

May 9, 2011 // 11:22 a.m.

Tags: #android #firefox #google-chrome #lastpass #password #password-manage #password-manager

Popular password manager LastPass took action against a possible security breach late last week, forcing many users to change their master passwords.

In a statement on the team's blog, LastPass said an anomaly was spotted in its data logs that it was unable to explain. It immediately took the stance that the anomaly pointed to something malicious, saying: 'we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed.'

According to the statement, the amount of data that could have been accessed was small, and the breach wouldn't affect users with strong, non-dictionary based passwords or pass phrases.

LastPass initially forced some users to change their passwords, but its servers struggled under the deluge of password change requests as the news of the possible breach spread, forcing the company to disable password changing until its servers caught up.

In a later update, LastPass said that most users that continued to access the service from the same IP address were unaffected. According to the latest update in the blog over the weekend, password changing has now been restored to all users. However, the company advises that there's 'no need to panic', as 'all accounts were put into a locked down mode of only allowing previous login locations or verify via email, until password change.'

LastPass has over 50,000 downloads per week for Firefox alone, and supports all major platforms and smartphones.

Do you use a password manager, or do you limit the amount of important information you store online to a minimum? Let us know in the forums.

QUICK COMMENT

View this in the forums

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU