Potential intrusion suspected in LastPass password service


Recommended Posts

5 May 2011, 14:00

Potential intrusion suspected in LastPass password service

"Network traffic anomalies" to and from the databases of the LastPass password management service have caused the company to suspect that intruders could have harvested personal information – including some customers' master passwords. LastPass is an online password manager that can automatically fill in the log-in forms of web pages by using a browser plug-in.

LastPass said that it doesn't have any concrete evidence of a break-in – but that "where there's smoke, there could have been fire". The company is, therefore, forcing all its customers to change their master passwords. LastPass said that, although it assumes that the salted password hashes will withstand a brute-force attack, very weak passwords could be cracked using a dictionary attack, and that it wants to be on the safe side.

http://www.h-online.com/security/news/item/Potential-intrusion-suspected-in-LastPass-password-service-1238148.html

And story here: http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229402897/password-manager-service-lastpass-investigating-possible-database-breach.html

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...