Security Corner

May 10 2011   4:34PM GMT

LastPass Security Incident #4dc9630d9b403



Posted by: Ken Harthun
Tags: LastPass, Password, password manager, Security best practice

Just received this email from LastPass which gives further information about the security incident.

Dear LastPass User,

On May 3rd, we discovered suspicious network activity on the LastPass internal network. After investigating, we determined that it was possible that a limited amount of data was accessed. All LastPass accounts were quickly locked down, preventing access from unknown locations. We then announced our findings and course of action on our blog and spoke with the media.

As you know, LastPass does not have access to your master password or your confidential data. To further secure your account, LastPass now requires you to verify your identity when logging in. You will be prompted to validate your email if you try to log in from a new location. This prompt will continue to appear until you change your master password or indicate that you are comfortable with the strength of your master password.

Please visit https://lastpass.com/status for more information.

Thanks,
The LastPass Team

As I said before, I am very impressed by their response to this incident. Here is their latest update on the blog:

LastPass Security Notification

Update 9, ~11am 05/09 EST:

Many users are changing their password and then determining they can’t remember it; a number have also run into issues with password changes and want to go back. You can now do this yourself without contacting us: https://lastpass.com/revert
It allows you to either roll back your last password change or revert your account to the 4th. You must prove access to your email again to use it.

I guess those users should read Security Corner more often. This would help them: Your Wallet is the Best Password Manager, as would this one: Un-guessable Passwords—How to Make Them.
