LastPass resets passwords following possible hack

Password management system LastPass has reset users' master passwords as a precaution following the discovery of a possible hack attack against its systems. The move follows the detection of two anomalies – one affecting a database server – on LastPass's network on Tuesday that could be the result of a possible hack attack. …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Boffin

    Makes sense

    Just checked my account, same pword. Happy days.

  2. Anonymous Coward
    Black Helicopters

    Curious

    I'm not being asked to reset either

    Hopefully there was no MITM being attempted instead...

  3. ttuk

    required

    From what I can gather they are only asking people to reset if they see a login attempt from an IP address you haven't used recently

  4. peyton?
    Paris Hilton

    They allow simple passwords?

    Surely this company from the start knew it would be a target for this kind of thing. Shouldn't the password guarding all your other passwords be required to be fairly strong?! My understanding of its point is to make password management easier - but requiring users to remember one strong password is not that big a deal.

    1. BristolBachelor Gold badge
      WTF?

      WTF Downvoters?

      With all people's eggs in one basket, it's a bit obvious that this site would be a target.

      Why the downvotes for peyton's comments FFS!

      (Or is it because they suggested a Paris level of intellect and understanding on the part of the people who set up and ran a system that allowed weak passwords and was so vulnerable to hacking that it was compromised twice independently in a week?)

    2. ttuk

      it should..

      but it's not critical...

      It's only really an issue if a hacker manages to get hold of the encrypted data, as then they can sit and try and brute force it offline..

      However to download your encrypted data you need to enter the right password to their server (which is sent over as a hash, they don't have it).. but you only get 5 tries before they lock you out..

      1. Anonymous Coward
        Anonymous Coward

        Exactly what they're worried about

        Pretty sure they're worried about people stealing the hash for the lastpass password, which they can then attempt to brute force offline and gain access to all the other passwords. It is critical in that case.

  5. darren.b
    Happy

    I changed mine anyway...

    ...even though I wasn't prompted to. It's simply not worth the risk having someone get access to such sensitive data.

  6. TonyHoyle

    No reset here

    Which is a relief.

    They did the right thing. Properly functioning auditing detected the anomaly, they investigated and even though they can't prove it's a compromise took the decision to err on the side of caution before it became a full blown breach.

    Much better than certain large consumer electronics companies I could mention.

    1. G C M Roberts
      Thumb Up

      lol

      Speaking of which can any readers remind me of my credit card expiry date and my EQ2 login details? Ta.

      1. >Geoff

        @G C M Roberts

        Your credit card expiry date is 08/11.

  7. Pat 11

    Some things do not belong in the cloud

    If you store your important logins on a remote server not under your control, the very best of luck to you. Some things are best not in the cloud.

    1. Captain Scarlet
      Unhappy

      Little bit of paper

      Same with the little bit of paper, which was destroyed by the washing machine :'(

  8. Highlander

    So, it's not just Sony that gets hacked?

    Interesting story, I wonder where the hate is? Surely after Sony's example, every organization that gets hacked should be subject to several stories that offer increasingly speculative worst case scenarios and bias against the organization that was hacked? Where are all the words of blame? Good lord, this is a password management company, they were a target the moment they commenced operation, and they know/knew it. Considering the service they offer, I can only hope that they quickly determine how someone got into their systems and do take the opportunity to improve their hashing.

  9. Fred Flintstone Gold badge
    Pint

    Ah, the irony of it..

    So this is the site that wants you to store all their passwords with them?

    Whoehahahaha! HihiHAAAAAAHAHAHAHAHAAAA Hi. HaHAAAAAAAAHAHAHA. Hihi, hi, hahahaha, hihihaha, hi, snirf (wiping eyes and blowing nose). And it's not even Friday yet. Hahahaha. Cough.

    This deserves some sort of award..

    1. Scorchio!!
      Thumb Up

      Re: Ah, the irony of it..

      "So this is the site that wants you to store all their passwords with them?"

      Cloud mania again. I wouldn't trust any third party with my passwords for the security reason among others, and I'll continue to use Mirek W's PINs, which I carry around with me and use to access password protected files, and store in a TrueCrypt container when I travel:

      http://www.mirekw.com/winfreeware/pins.html

      I can use this even when my ISP or the LastPass provider is down.

  10. Anonymous Coward
    WTF?

    Why the schadenfreude?

    In today's world, a password manager is an essential tool. The only way a person who is reasonably net-enabled could avoid the need for one, is to use the same password for all sites (or some fairly easy to mangling). OK, some password managers can run in portable USB format, which is great - until you get a PC with a disabled USB port. So a cloud-based system is pretty nifty.

    Given that LastPass is FREE, if you're so inclined, I don't think they're doing such a bad job. Certainly made my life easier. And having been hit by this myself, and unable to access my vault online, I am seriously impressed that they quickly posted a link to "LastPass Pocket" which allows you to access your locally stored cache.
